when format strings attack

Gabriel Genellina gagsl-py at yahoo.com.ar
Fri Jan 19 17:59:37 CET 2007


"Nick Maclaren" <nmm1 at cus.cam.ac.uk> escribió en el mensaje
news:eoqr1s$khg$1 at gemini.csx.cam.ac.uk...
> In article <mailman.2908.1169221530.32031.python-list at python.org>,
> "Gabriel Genellina" <gagsl-py at yahoo.com.ar> writes:
> |>
> |> Pure Python programs are not affected, but a review of the C
> implementation
> |> should be made to see if any (variant of) printf is used without a
> proper
> |> format. Anyway I doubt you could find something, because the
> vulnerability
> |> is so well known for ages.
>
> Not really.  There are LOTS of vulnerabilities that have been known
> for ages and are still legion.  The reason that this is unlikely is
> that it is both easy to spot and trivial to fix.

Yes... Anyway, unless someone actually *do* revise the code, if it's easy or
not has no importance. I think that some automated tools were used to find
problems, but I don't know if this specific vulnerability was searched.

-- 
Gabriel Genellina





More information about the Python-list mailing list