Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2004-May/044887.html below:

[Python-Dev] Is core dump always a bug? Advice requested

• Previous message: [Python-Dev] Is core dump always a bug? Advice requested
• Next message: [Python-Dev] Weekly Python Bug/Patch Summary
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michel Pelletier <michel at dialnetwork.com> writes:

> do you think there is a risk of exploitation?  for example, STORE_FAST, which 
> does a direct set into PyObject **fastlocals, could be used to overwrite 
> beyond the bounds of the array.  Can this or a stack over/underflow be used 
> to execute arbitrary machine code?

If you're loading arbitrary bytecode, you will presumably at some
point be executing it, and that seems a much greater risk to me.

Cheers,
mwh

-- 
  We've had a lot of problems going from glibc 2.0 to glibc 2.1.
  People claim binary compatibility.  Except for functions they
  don't like.                       -- Peter Van Eynde, comp.lang.lisp

• Previous message: [Python-Dev] Is core dump always a bug? Advice requested
• Next message: [Python-Dev] Weekly Python Bug/Patch Summary
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4