[Python-Dev] Possible bugs and security holes in getpass.py
Guido van Rossum guido at python.org
Mon Dec 1 23:31:56 EST 2003
- Previous message: [Python-Dev] Possible bugs and security holes in getpass.py
- Next message: [Python-Dev] Re: [Python-checkins] python/dist/src/Lib site.py, 1.53.6.1, 1.53.6.2
> 1,2,3,5 are possible security holes in addition to being possible bugs.
> Although I don't completely understand all the details, it appears to me that getpass.c is more correct than getpass.py.
Sorry, but this just doesn't make sense. There are so many differences between C and Python that you can't just compare a C and a Python version of a function and point at the differences as possible security holes or bugs. If you want to be helpful, please try to understand the details, and then see if there are actual bugs or security holes instead of just "possible" ones.
Looking for security issues is serious business. (It pays my bills. :-) But people shouldn't go around pointing out "possible" security holes without understanding what they are talking about -- spreading fear doesn't help real security. It is unlikely that a beginning programmer can find a security hole in a piece of software without dumb luck.
--Guido van Rossum (home page: http://www.python.org/~guido/)