Hi Brett, On Tue, Jun 27, 2006 at 10:32:08AM -0700, Brett Cannon wrote: > OK, with you and Thomas both wanting to keep it I will let it be. I just > won't worry about fixing it myself during my interpreter hardening crusade. I agree with this too. If I remember correctly, you even mentioned in your rexec docs that sys.setrecursionlimit() should be disallowed from being run by untrusted code, which means that an untrusted interpreter would be safe. I guess we could add an example of a bogus 'new.code()' call in the Lib/test/crashers directory too, without you having to worry about it in untrusted mode if new.code() is forbidden. I could also add my 'gc.get_referrers()' attack, which should similarly not be callable from untrusted code anyway. A bientot, Armin
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4