Has anybody here heard about this, and, if so, is it anything we should be thinking about:
How your compiler may be compromising application security http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising...
On 31.10.2013 15:48, MRAB wrote:
Has anybody here heard about this, and, if so, is it anything we should be thinking about:
How your compiler may be compromising application security http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising...
http://bugs.python.org/issue17405 addresses one issue with dead code elimination.
Interesting read. I'm surprised that the researchers didn't contact us, since the article mentions they found 5 bugs in Python. Regarding security: the article seems to use that term mostly to attract eyeballs; there are no specifics, just the implication that this *could* affect security.
But it's hardly news -- as GCC versions became more aggressive we've had to fix our share of undefined code in Python. Usually the unittests catch these early.
On Thu, Oct 31, 2013 at 7:48 AM, MRAB python@mrabarnett.plus.com wrote:
Has anybody here heard about this, and, if so, is it anything we should be thinking about:
How your compiler may be compromising application security http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising-application-security
I believe the 5 problems they found in Python were dealt with here http://bugs.python.org/issue17016
2013/10/31 MRAB python@mrabarnett.plus.com:
Has anybody here heard about this, and, if so, is it anything we should be thinking about:
How your compiler may be compromising application security http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising...
On 31.10.13 16:56, Benjamin Peterson wrote:
I believe the 5 problems they found in Python were dealt with here http://bugs.python.org/issue17016
Ah, now I have remembered the author's name.
http://bugs.python.org/issue18684 contains some other fixes of this kind.
On 31.10.2013 15:48, MRAB wrote:
Has anybody here heard about this, and, if so, is it anything we should be thinking about:
How your compiler may be compromising application security http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising...
I didn't see this at first:
STACK was run against a number of systems written in C/C++ and it found 160 new bugs in the systems tested, including ... and Python (5).
Has anybody contacted us? I neither saw a bug report nor a mail to PSRT.
Christian
On 10/31/2013 10:57 AM, Christian Heimes wrote:
I didn't see this at first:
STACK was run against a number of systems written in C/C++ and it found 160 new bugs in the systems tested, including ... and Python (5).
Has anybody contacted us? I neither saw a bug report nor a mail to PSRT.
from http://css.csail.mit.edu/stack/
Our software is hosted on Github at https://github.com/xiw/stack/. Obtain the latest code of STACK using:
    git clone git://github.com/xiw/stack
See README and INSTALL for more information.