[Python-Dev] Question about PEP 330 -- Python Bytecode Verification

[Raymond Hettinger]

Do we have *any* known use cases where we would actually run bytecode
that was suspicious enough to warrant running a well-formedness check?

In assessing security risks, the PEP notes, "Practically, it would be
difficult for a malicious user to 'inject' invalid bytecode into a PVM
for the purposes of exploitation, but not impossible."

Can that ever occur without there being a far greater risk of malicious,
but well-formed bytecode?

If you download a file, foo.pyc, from an untrusted source and run it in
a susceptible environment, does its well-formedness give you *any*
feeling of security.  I think not.

There isn't anything wrong with having a verifier module, but I can't
think of any benefit that would warrant changing the bytecode semantics
just to facilitate one of the static stack checks.



Raymond