Re: [Python-Dev] pymalloc killer

Parachuting into a random point in the thread... Does this have any real bearing on 2.2.1? Should pymalloc have a mild warning sticker applied to it for this release? Or is this just another possible-to-exploit but basically impossible to run into by accident hole in Python? You'll excuse me if I don't want to backport recent pymalloc changes to release22-maint... Cheers, M. -- The gripping hand is really that there are morons everywhere, it's just that the Americon morons are funnier than average. -- Pim van Riezen, alt.sysadmin.recovery

Michael Hudson <mwh@python.net> writes:
Does this have any real bearing on 2.2.1?
No, I don't think so. If anybody enables pymalloc in 2.2, they risk problems in case of broken extensions, but none of the standard modules would cause problems. Regards, Martin

[Michael Hudson]
Parachuting into a random point in the thread...
Does this have any real bearing on 2.2.1? Should pymalloc have a mild warning sticker applied to it for this release? Or is this just another possible-to-exploit but basically impossible to run into by accident hole in Python?
pymalloc wasn't enabled by default in 2.2 because it was still considered experimental, and with known open issues. So it was a "use at your own risk" thing. The only thing that's changed is that anyone reading Python-Dev can now pick up a Python routine that will damage a system using pymalloc. In an odd sense, that makes paranoid people safer than before, because now they know for sure it's vulnerable to attack.
You'll excuse me if I don't want to backport recent pymalloc changes to release22-maint...
Indeed not -- these are Big Changes. Benign neglect is appropriate for 2.2.1.
participants (3)
-
martin@v.loewis.de
-
Michael Hudson
-
Tim Peters