[Python-Dev] Is core dump always a bug? Advice requested

Michael Hudson mwh at python.net
Tue May 18 07:04:46 EDT 2004


Michel Pelletier <michel at dialnetwork.com> writes:

> Do you think there is a risk of exploitation?  For example, STORE_FAST, which
> does a direct set into PyObject **fastlocals, could be used to overwrite
> beyond the bounds of the array.  Can this or a stack over/underflow be used
> to execute arbitrary machine code?

If you're loading arbitrary bytecode, you will presumably at some
point be executing it, and that seems a much greater risk to me.

Cheers,
mwh

-- 
  We've had a lot of problems going from glibc 2.0 to glibc 2.1.
  People claim binary compatibility.  Except for functions they
  don't like.                       -- Peter Van Eynde, comp.lang.lisp
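
The reply above places the trust decision at the point where bytecode is loaded, not at individual opcodes such as STORE_FAST. The following is an added example, not part of the original message or of CPython: it authenticates marshalled bytecode with HMAC-SHA256 before unmarshalling or executing it. The function names, key and sample source are assumptions constructed for illustration.

```python
import hashlib
import hmac
import marshal
import types

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def seal_bytecode(code, key):
    """Serialize a code object and prepend an HMAC-SHA256 tag over it."""
    payload = marshal.dumps(code)
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def load_sealed_bytecode(blob, key):
    """Return the code object only if the tag verifies under `key`."""
    if len(blob) <= TAG_LEN:
        raise ValueError("blob too short to carry a tag")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bytecode failed authentication; refusing to load")
    code = marshal.loads(payload)  # reached only for authenticated bytes
    if not isinstance(code, types.CodeType):
        raise ValueError("payload is not a code object")
    return code


def run_sealed(blob, key):
    """Execute authenticated bytecode and return the resulting namespace."""
    namespace = {}
    exec(load_sealed_bytecode(blob, key), namespace)
    return namespace


def demo():
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    code = compile("answer = 6 * 7", "<constructed>", "exec")
    blob = seal_bytecode(code, key)
    ok = run_sealed(blob, key)["answer"]
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])  # flip one payload bit
    try:
        run_sealed(tampered, key)
    except ValueError:
        return ok, True   # tampered bytecode was rejected before loading
    return ok, False
```

The check establishes only where the bytes came from; authenticated bytecode still runs with the full privileges of the interpreter.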


