[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

Stephen J. Turnbull stephen at xemacs.org
Wed Feb 26 05:11:32 CET 2014

Donald Stufft writes:

 > Instead of pre-generating one set of values that can be used to
 > DoS things you have to pre-generate 256 sets of values and try them
 > until you get the right one. It’s like putting on armor made of
 > paper and saying it’s harder to stab you now.

You obviously don't watch "Burn Notice."  Paper armor worked great for
Michael Westen!

Unpacking, not all crackers are serious.  I'd be willing to bet that
there are a number of script kiddies who are *still* running scripts
that only know about the first hole.  What's to lose by beating them?

