On Wed, Aug 30, 2000 at 06:53:10PM -0700, Greg Stein wrote:
On Wed, Aug 30, 2000 at 09:21:23PM -0400, Jeremy Hylton wrote:
... But neither marshal nor pickle is safe. It is possible to cause a core dump by passing marshal invalid data. It may also be possible to launch a stack overflow attack -- not sure.
I believe those core dumps were fixed. Seems like I remember somebody doing some work on that.
??
Nope, I think that there may have been a few small patches but the discussions to fix some "brokeness" in marshal did not bear fruit: http://www.python.org/pipermail/python-dev/2000-June/011132.html Oh, I take that back. Here is patch that supposedly fixed some core dumping: http://www.python.org/pipermail/python-checkins/2000-June/005997.html http://www.python.org/pipermail/python-checkins/2000-June/006029.html Trent -- Trent Mick TrentM@ActiveState.com