[Python-Dev] Cookie.py security

[Trent Mick]

On Wed, Aug 30, 2000 at 06:53:10PM -0700, Greg Stein wrote:
> On Wed, Aug 30, 2000 at 09:21:23PM -0400, Jeremy Hylton wrote:
> >...
> > But neither marshal nor pickle is safe.  It is possible to cause a
> > core dump by passing marshal invalid data.  It may also be possible to
> > launch a stack overflow attack -- not sure.
> 
> I believe those core dumps were fixed. Seems like I remember somebody doing
> some work on that.
> 
> ??

Nope, I think that there may have been a few small patches but the
discussions to fix some "brokeness" in marshal did not bear fruit:

http://www.python.org/pipermail/python-dev/2000-June/011132.html


Oh, I take that back. Here is patch that supposedly fixed some core dumping:

http://www.python.org/pipermail/python-checkins/2000-June/005997.html
http://www.python.org/pipermail/python-checkins/2000-June/006029.html


Trent


-- 
Trent Mick
TrentM@ActiveState.com