
Author lemburg
Recipients Mark.Shannon, benjamin.peterson, larry, lemburg, njs, pitrou, serhiy.storchaka
Date 2015-08-31.09:01:06
Content
On 31.08.2015 10:44, Nathaniel Smith wrote:
> Before anyone panics about security issues, do keep in mind that the patch you're talking about
> reverting fixed a buffer overflow which I strongly suspect could be used to accomplish arbitrary
> code execution.
> ... it lets you trigger assert checks that abort the interpreter, but AFAICT it doesn't violate
> memory safety or allow arbitrary code execution.

I'm sure a buffer overflow can be fixed in other ways than allowing
42 to print out the Zen of Python when asked for a repr() ;-)

And if Serhiy can sneak in an os.system('rm -rf /') into a harmless
operation such as 42 + 2, I do believe we can call this arbitrary
code execution, even more so, since the patch only applies to a single
integer object which happens to be a singleton in CPython.

The point is: Python code will generally assume that it can trust
builtin types. It doesn't expect 42 + 2 to clear out the root dir,
just because some package installed from PyPI happens to feel in the
mood for Easter eggs :-)
History
Date User Action Args
2015-08-31 09:01:07 lemburg set recipients: + lemburg, pitrou, larry, benjamin.peterson, njs, Mark.Shannon, serhiy.storchaka
2015-08-31 09:01:07 lemburg link issue24912 messages
2015-08-31 09:01:06 lemburg create