[Python-Dev] Is core dump always a bug? Advice requested (original) (raw)

Bob Ippolito bob at redivi.com
Tue May 11 00:49:37 EDT 2004

On May 11, 2004, at 12:20 AM, Greg Ewing wrote:

Guido:

As long as it's possible to attempt to execute arbitrary strings as bytecode, I'd say ceval should be robust against this. This ought to be a long-term project then: write a bytecode verifier. It's not a trivial task! When I wrote that, I was assuming that ceval was already mostly robust in this respect, and that what was being reported was a new hole recently opened up. But it appears I was gravely mistaken, and that ceval has been full of gaping holes from the beginning. I'm disappointed to learn this, because I had always regarded it as an axiom that no Python-level code should be capable of crashing the interpreter, and if it can, this represents a bug. However, it seems this axiom has not been adhered to in the design of ceval.

Well with modules like ctypes and PyObjC becoming more common, it's pretty easy to make the interpreter crash whenever you really want it to :)

Python is no Java, there's not even a real attempt to bake security into it.. only good programming practices. Doing extensive checking of bytecode at runtime would make Python's interpreter much slower than it already is. I can't imagine that someone with a real need for mangling bytecode is going to need their hand held here. In most cases such a person is probably already pretty familiar with the VM at the CPython implementation level anyways (since it's not really documented elsewhere, as far as I know).

As far as bytecode verification goes, I would imagine that running it through PyPy might be good enough to see if it's sane (assuming PyPy supports the same bytecode in a similar enough way).

-bob

More information about the Python-Dev mailing list