[Python-Dev] Possible bugs and security holes in getpass.py
Guido van Rossum
guido at python.org
Mon Dec 1 23:31:56 EST 2003
> 1,2,3,5 are possible security holes in addition to being possible bugs.
> Although I don't completely understand all the details, it appears
> to me that getpass.c is more correct than getpass.py.
Sorry, but this just doesn't make sense. There are so many
differences between C and Python that you can't just compare a C and a
Python version of a function and point at the differences as
possible security holes or bugs. If you want to be helpful, please
try to understand the details, and then see if there are *actual* bugs
or security holes instead of just "possible" ones.
Looking for security issues is serious business. (It pays my
bills. :-) But people shouldn't go around pointing out "possible"
security holes without understanding what they are talking about --
spreading fear doesn't help real security. It is unlikely that a
beginning programmer can find a security hole in a piece of software
without dumb luck.
--Guido van Rossum (home page: http://www.python.org/~guido/)