[Python-3000] Immutable bytes type and bsddb or other IO

[Guido van Rossum]

On 8/27/07, Gregory P. Smith <greg at krypto.org> wrote:
> I'm sure the BerkeleyDB library is not expecting the data passed in as
> a lookup key to change mid database traversal.  No idea if it'll
> handle that gracefully or not but I wouldn't expect it to and bet its
> possible to cause a segfault and/or irrepairable database damage that
> way.  The same goes for any other C APIs that you may pass data to
> that release the GIL.

In the case of BerkeleyDB I find this a weak argument -- there are so
many other things you can do to that API from Python that might cause
it to go beserk, that mutating the bytes while it's looking at them
sounds like a rather roundabout approach to sabotage.

Now, in general, I'm the first one to worry about techniques that
could let "pure Python" code cause a segfault, but when using a 3rd
party library, there usually isn't a choice.

Yet another thing is malignant *data*, but that's not the case here --
you would have to actively write evil code to trigger this condition.
So I don't see this as a security concern (otherwise the mere
existence of code probably would qualify as a security concern ;-).

IOW I'm not worried. (Though I'm not saying I would reject a patch
that adds the data locking facility to the bytes type. :-)

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)