[Python-Dev] Cookie.py security

Jeremy Hylton jeremy@beopen.com
Wed, 30 Aug 2000 21:55:24 -0400 (EDT)


"GS" == Greg Stein <gstein@lyra.org> writes:

GS> On Wed, Aug 30, 2000 at 09:21:23PM -0400, Jeremy Hylton wrote:

... But neither marshal nor pickle is safe. It is possible to cause a core dump by passing marshal invalid data. It may also be possible to launch a stack overflow attack -- not sure.

GS> I believe those core dumps were fixed. Seems like I remember somebody doing some work on that.

GS> ??

Aha! I hadn't noticed that patch sneaking in. I brought it up with Guido a few months ago and he didn't want to make changes to marshal because, IIRC, marshal exists only because .pyc files need it.

Jeremy