[Python-Dev] Include ctypes into core Python? (original) (raw)

Thomas Wouters thomas at xs4all.net
Wed Jan 11 14:54:40 CET 2006

On Wed, Jan 11, 2006 at 07:59:50AM -0500, Barry Warsaw wrote:

BTW, although I'm pretty sure the answer is "no" (at least, I hope it is), is anyone aware of a situation where the mere importation of a module can cause Python to crash?

Well, I assume you aren't importing any 'hostile' code, nor running in an uncontrolled environment so I guess you mean other than running out of memory, or the module you are importing actually executing one of the ways to crash Python? Or the module being an extension module that crashes on import? Or another extension module having corrupted the Python environment to a point where a simple import crashes Python? Or a non-extension module using one of the vulnerabilities (in, say, marshal, or pickle) to corrupt the Python environment? Or stuff in os.environ, like LD_* variables, that interfere with library linking? Ponder, ponder, no, can't think of any. :)

The pickle vulnerability came up last year, when someone on #python was subclassing a builtin type (string or dict, I think the latter) that was using a magical invocation of (IIRC) new on unpickle. The subclassed new didn't handle this right, so the baseclass new wasn't getting called right, and the new object's addressspace was not initialized. This lead to crashes. I don't remember the details exactly, and my continuous advice of not subclassing builtin types unless you know what you're doing solved the issue (there was no actual need to subclass, there), and I have no idea whether that specific issue was solved or not, but I'm trying to find it again :)

-- Thomas Wouters <thomas at xs4all.net>

Hi! I'm a .signature virus! copy me into your .signature file to help me spread!

More information about the Python-Dev mailing list