[Python-Dev] Is core dump always a bug? Advice requested (original) (raw)

Michael Hudson mwh at python.net
Tue May 18 07:04:46 EDT 2004

• Previous message: [Python-Dev] Is core dump always a bug? Advice requested
• Next message: [Python-Dev] Weekly Python Bug/Patch Summary
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michel Pelletier <michel at dialnetwork.com> writes:

do you think there is a risk of exploitation? for example, STOREFAST, which does a direct set into PyObject **fastlocals, could be used to overwrite beyond the bounds of the array. Can this or a stack over/underflow be used to execute arbitrary machine code?

If you're loading arbitrary bytecode, you will presumably at some point be executing it, and that seems a much greater risk to me.

Cheers, mwh

-- We've had a lot of problems going from glibc 2.0 to glibc 2.1. People claim binary compatibility. Except for functions they don't like. -- Peter Van Eynde, comp.lang.lisp

• Previous message: [Python-Dev] Is core dump always a bug? Advice requested
• Next message: [Python-Dev] Weekly Python Bug/Patch Summary
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list