[Spambayes] Outlook plugin crash

[Coe, Bob]

Aha!! That was it! After Tim's encouragement, I tried Spambayes again
with the data execution prohibition disabled, and it worked.

Maybe some of the other reported crashes have a similar origin. But my
own experience suggests that other Windows apps have similar problems
with the option, which I suspect will lead most people not to use it.
Maybe other manufacturers won't adopt it anyway.

Alas, I dug myself another hole while working on Spambayes last night.
I'll seek help for that one in a separate message.

Bob


> -----Original Message-----
> From: Tim Peters [mailto:tim.peters at gmail.com] 
> Sent: Tuesday, January 17, 2006 12:55 PM
> To: Coe, Bob
> Cc: spambayes at python.org
> Subject: Re: [Spambayes] Outlook plugin crash
> 
> 
> [Coe, Bob]
> > Can someone with a knowledge of the plugin code tell me whether it 
> > violates the modern fad of scrupulously avoiding the execution of 
> > data? Old-time coders like me used to do it all the time. (You can
get 
> > away with it even in recursive and reentrant programs if you're 
> > careful.) But it's considered a security risk today, and the GX620
has 
> > a factory-preset BIOS option to prevent it. During the weekend,
after 
> > I sent my original note, I found a program that wouldn't run on my 
> > computer until I disabled that option. I'm wondering now whether I 
> > ought to make another run at Spambayes with the option turned off.
Any 
> > advice for me?
> 
> Python never executes data, but _something_ invoked when 
> SpamBayes runs does.  There are long discussions of this on 
> the SB bug tracker, but SourceForge appears to be hosed at 
> the moment so I can't get a reference for you now.  Look for 
> bug 988095.
> 
> It's definitely worth trying SB with the option disabled.
>