[Python-Dev] Deprecate invalid ctypes call protection on Windows
Guido van Rossum
guido at python.org
Mon May 22 14:25:00 EDT 2017
Sounds good to me.
On Mon, May 22, 2017 at 11:17 AM, Steve Dower <steve.dower at python.org>
wrote:
> One of the main reasons we are stuck with an old libffi fork in CPython is
> because the newer versions do not support protection from calling functions
> with too few/many arguments:
>
> https://docs.python.org/3/library/ctypes.html?highlight=ctyp
> es#calling-functions
>
> There are a number of caveats here, including "this only works on
> Windows", but since it is documented we cannot just remove the behaviour
> without a deprecation period.
>
> I'd like to propose a highly-accelerated deprecation period for this
> specific feature, starting in CPython 3.6.2 and being "completed" in 3.7.0,
> when we will hopefully move onto a newer libffi.
>
> In general, the "feature" is a misfeature anyway, since calling a native
> function with incorrect arguments is unsupported and a very easy way to
> cause information leakage or code execution vulnerabilities. There may be
> an argument for removing the functionality immediately, but honestly I
> think changing libffi in a point release is higher risk.
>
> Once the special protection is removed, most of these cases will become
> OSError due to the general protection against segmentation faults. Some
> will undoubtedly fall through the cracks and crash the entire interpreter,
> but these are unavoidable (and really ought to crash to avoid potential
> exploits).
>
> Does anyone have any reasons to oppose this? It already has votes from
> another Windows expert and the 3.6/3.7 Release Manager, but we wanted to
> see if anyone has a concern we haven't thought of.
>
> Cheers,
> Steve
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/guido%
> 40python.org
>
--
--Guido van Rossum (python.org/~guido)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170522/57d970e5/attachment.html>
More information about the Python-Dev
mailing list