[Python-Dev] Is Lib/test/crashers/recursive_call.py really a crasher? (original) (raw)

Armin Rigo arigo at tunes.org
Wed Jun 28 12:44:31 CEST 2006

• Previous message: [Python-Dev] Is Lib/test/crashers/recursive_call.py really a crasher?
• Next message: [Python-Dev] School IIb?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Brett,

On Tue, Jun 27, 2006 at 10:32:08AM -0700, Brett Cannon wrote:

OK, with you and Thomas both wanting to keep it I will let it be. I just won't worry about fixing it myself during my interpreter hardening crusade.

I agree with this too. If I remember correctly, you even mentioned in your rexec docs that sys.setrecursionlimit() should be disallowed from being run by untrusted code, which means that an untrusted interpreter would be safe.

I guess we could add an example of a bogus 'new.code()' call in the Lib/test/crashers directory too, without you having to worry about it in untrusted mode if new.code() is forbidden. I could also add my 'gc.get_referrers()' attack, which should similarly not be callable from untrusted code anyway.

A bientot,

Armin

• Previous message: [Python-Dev] Is Lib/test/crashers/recursive_call.py really a crasher?
• Next message: [Python-Dev] School IIb?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list