buffer overflow

Martin Maney maney at pobox.com
Sat Jan 18 03:05:47 CET 2003


Tim Peters <tim.one at comcast.net> wrote:
> [donoli]
>> I have two machines, FreeBSD 4,2  and  W2K pro.  I'd like to test the
>> security on both of them against a buffer overflow.  If someone has
>> the code in python for a buffer overflow, please post it.
>> donoli.
> 
> [Martin v. Loewis]
>> Python does not support buffer overflows, sorry.
> 
> [pmaney at pobox.com]

No 'p' there, and I thought I configured that.  Hmph.

>> I'm sure they could be added by a C extension module.
> 
> They already were

And here I thought I was making a funny.

> and, curiously enough, by the builtin bufferobject.c.
> That supplies the builtin, little understood, and easily abused buffer
> object.  For fun, run this:  [...]

Am I missing something a little more descriptive than the brief blurb
in the Library Reference, or is this thing intended to be undocumented?

> Some of the smarest people I know have refused to fix this <wink>.

If I've guessed the purpose of this little monster, there's probably
not any way to fix it without losing its reason for being.  So, what's
it used for, aside from breaking my feeble attempt at a joke?




More information about the Python-list mailing list