[Python-Dev] Is Lib/test/crashers/recursive_call.py really a crasher?
Armin Rigo
arigo at tunes.org
Wed Jun 28 12:44:31 CEST 2006
Hi Brett,
On Tue, Jun 27, 2006 at 10:32:08AM -0700, Brett Cannon wrote:
> OK, with you and Thomas both wanting to keep it I will let it be. I just
> won't worry about fixing it myself during my interpreter hardening crusade.
I agree with this too. If I remember correctly, you even mentioned in
your rexec docs that sys.setrecursionlimit() should be disallowed from
being run by untrusted code, which means that an untrusted interpreter
would be safe.
I guess we could add an example of a bogus 'new.code()' call in the
Lib/test/crashers directory too, without you having to worry about it in
untrusted mode if new.code() is forbidden. I could also add my
'gc.get_referrers()' attack, which should similarly not be callable from
untrusted code anyway.
A bientot,
Armin
More information about the Python-Dev
mailing list