[Python-Dev] pymalloc killer
Tim Peters
tim.one@comcast.net
Sat, 30 Mar 2002 14:30:54 -0500

[Michael Hudson]
> Parachuting into a random point in the thread...
>
> Does this have any real bearing on 2.2.1? Should pymalloc have a mild
> warning sticker applied to it for this release? Or is this just
> another possible-to-exploit but basically impossible to run into by
> accident hole in Python?

pymalloc wasn't enabled by default in 2.2 because it was still considered
experimental, and with known open issues. So it was a "use at your own
risk" thing. The only thing that's changed is that anyone reading
Python-Dev can now pick up a Python routine that will damage a system using
pymalloc. In an odd sense, that makes paranoid people safer than before,
because now they know for sure it's vulnerable to attack.

> You'll excuse me if I don't want to backport recent pymalloc changes
> to release22-maint...

Indeed not -- these are Big Changes. Benign neglect is appropriate for
2.2.1.