[Python-Dev] Cookie.py security
Trent Mick
trentm@ActiveState.com
Wed, 30 Aug 2000 21:34:44 -0700
On Wed, Aug 30, 2000 at 06:53:10PM -0700, Greg Stein wrote:
> On Wed, Aug 30, 2000 at 09:21:23PM -0400, Jeremy Hylton wrote:
> >...
> > But neither marshal nor pickle is safe. It is possible to cause a
> > core dump by passing marshal invalid data. It may also be possible to
> > launch a stack overflow attack -- not sure.
>
> I believe those core dumps were fixed. Seems like I remember somebody doing
> some work on that.
>
> ??
Nope, I think that there may have been a few small patches but the
discussions to fix some "brokeness" in marshal did not bear fruit:
http://www.python.org/pipermail/python-dev/2000-June/011132.html
Oh, I take that back. Here is patch that supposedly fixed some core dumping:
http://www.python.org/pipermail/python-checkins/2000-June/005997.html
http://www.python.org/pipermail/python-checkins/2000-June/006029.html
Trent
--
Trent Mick
TrentM@ActiveState.com