[Python-Dev] Cookie.py security (original) (raw)

Trent Mick trentm@ActiveState.com
Wed, 30 Aug 2000 21:34:44 -0700

• Previous message: [Python-Dev] Cookie.py security
• Next message: [Python-Dev] Cookie.py security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 30, 2000 at 06:53:10PM -0700, Greg Stein wrote:

On Wed, Aug 30, 2000 at 09:21:23PM -0400, Jeremy Hylton wrote: >... > But neither marshal nor pickle is safe. It is possible to cause a > core dump by passing marshal invalid data. It may also be possible to > launch a stack overflow attack -- not sure.

I believe those core dumps were fixed. Seems like I remember somebody doing some work on that. ??

Nope, I think that there may have been a few small patches but the discussions to fix some "brokeness" in marshal did not bear fruit:

http://www.python.org/pipermail/python-dev/2000-June/011132.html

Oh, I take that back. Here is patch that supposedly fixed some core dumping:

http://www.python.org/pipermail/python-checkins/2000-June/005997.html http://www.python.org/pipermail/python-checkins/2000-June/006029.html

Trent

-- Trent Mick TrentM@ActiveState.com

• Previous message: [Python-Dev] Cookie.py security
• Next message: [Python-Dev] Cookie.py security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]