On Feb 5, 2008 4:02 PM, Amaury Forgeot d'Arc <amauryfa at gmail.com> wrote:
> Guido van Rossum wrote:
> > Thanks Amaury! Do you think it would be sufficient to change the
> > PyString_Check() call in PyEval_EvalCodeEx into a
> > PyString_CheckExact() call?
>
> This would prevent this "attack", but would remain fragile - future
> developments could allow execution of python code somewhere.
>
> > Or is the proper fix to incref the values
> > going into the kw array and decref them upon exit?
>
> Yet Another Kind Of Tuple... However this seems the correct thing to do.

Agreed.

> In addition, if we agree to restrict arguments names to str (and
> disallow subclasses), there are easy optimizations in
> PyEval_EvalCodeEx, somewhere around the "XXX slow" comment (!)

Do you think you have time to come up with a patch? If not, can you
file a bug for this so we won't forget?

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)
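The mechanism the thread is worried about, as an added example that is not part of the python-dev message above: a str subclass used as a keyword-argument name gets its Python-level __eq__ executed while the interpreter is matching keyword names against the callee's parameter names, so arbitrary Python code runs inside argument binding. The second function lets that __eq__ empty the very dict that supplied the keyword, which is the kind of side effect that matters if the interpreter only borrowed references to the kw array. Assumptions: the code targets CPython 3.x, whose keyword matching falls back to rich comparison after a pointer-identity check; the 2008 PyEval_EvalCodeEx code path in the thread is Python 2.5 and differs in detail; SpyName, VanishingName, target and the helper functions are names made up for this example.

```python
"""Added example (not from the python-dev thread): a str subclass as a
keyword-argument name runs Python code during argument binding.

Assumes CPython 3.x, where keyword-name matching tries pointer identity
first and then falls back to rich comparison (which dispatches to a
subclass's __eq__).  The Python 2.5 PyEval_EvalCodeEx path the thread
discusses differs in detail.
"""

EQ_CALLS = []  # (keyword, compared-against) pairs recorded while binding


class SpyName(str):
    """str subclass whose __eq__ records every comparison made on it."""

    def __eq__(self, other):
        EQ_CALLS.append((str(self), other))
        return str.__eq__(self, other)

    # Defining __eq__ sets __hash__ to None; restore it so the object can
    # still be used as a dict key (kwargs dict).
    __hash__ = str.__hash__


class VanishingName(SpyName):
    """Like SpyName, but its __eq__ also empties the kwargs dict that
    supplied it, while the interpreter is still matching the name."""

    owner = None  # the kwargs dict; set by the caller (instance attribute)

    def __eq__(self, other):
        if self.owner is not None:
            self.owner.clear()  # drop the dict's references mid-binding
        return SpyName.__eq__(self, other)

    __hash__ = str.__hash__


def target(a, b=2):
    """Callee whose parameter names the keyword must be matched against."""
    return a, b


def bind_via_subclass_name():
    """Call target() with a SpyName keyword.

    Returns the bound values and the comparisons that ran during binding;
    a non-empty list proves __eq__ ran inside the interpreter's matching.
    """
    EQ_CALLS.clear()
    result = target(**{SpyName("a"): 1})
    return result, list(EQ_CALLS)


def bind_while_mutating_kwargs():
    """Same call, but the keyword name clears its own kwargs dict inside
    __eq__.  Returns the bound values, the dict size afterwards, and the
    recorded comparisons.  Completing normally shows the interpreter is
    holding its own references rather than borrowing the dict's.
    """
    EQ_CALLS.clear()
    name = VanishingName("a")
    kwargs = {name: 1}
    name.owner = kwargs
    result = target(**kwargs)
    return result, len(kwargs), list(EQ_CALLS)


if __name__ == "__main__":
    print(bind_via_subclass_name())
    print(bind_while_mutating_kwargs())
```

Both calls bind a=1, b=2 only because SpyName.__eq__ said so: the interpreter trusted a comparison implemented in Python. Restricting keyword names to exact str (Guido's PyString_CheckExact idea) would remove that hook; holding a reference to each key and value for the duration of the call (the incref/decref fix the thread settles on) is what makes the dict-clearing variant safe regardless of what the hook does.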