[Python-Dev] Is Lib/test/crashers/recursive_call.py really a crasher?

Armin Rigo arigo at tunes.org
Wed Jun 28 12:44:31 CEST 2006

Hi Brett,

On Tue, Jun 27, 2006 at 10:32:08AM -0700, Brett Cannon wrote:
> OK, with you and Thomas both wanting to keep it I will let it be.  I just
> won't worry about fixing it myself during my interpreter hardening crusade.

I agree with this too.  If I remember correctly, you even mentioned in
your rexec docs that sys.setrecursionlimit() should be disallowed from
being run by untrusted code, which means that an untrusted interpreter
would be safe.

I guess we could add an example of a bogus 'new.code()' call in the
Lib/test/crashers directory too, without you having to worry about it in
untrusted mode if new.code() is forbidden.  I could also add my
'gc.get_referrers()' attack, which should similarly not be callable from
untrusted code anyway.

A bientot,


More information about the Python-Dev mailing list