Author benjamin.peterson
Recipients amaury.forgeotdarc, benjamin.peterson, jwp
Date 2009-02-19.01:37:48
Message-id <[email protected]>
In-reply-to <[email protected]>
Content
On Wed, Feb 18, 2009 at 4:51 PM, Amaury Forgeot d'Arc
<[email protected]> wrote:
>
> Amaury Forgeot d'Arc <[email protected]> added the comment:
>
> I carefully looked at all places that store ->ob_type or Py_TYPE() in a
> local variable, and I could not find any exploit. Most places don't
> reuse the type once the method or the slot has been called.

Thanks for looking!

>
> Two places were harder to analyze: subtype_clear (but an attack would
> use __del__, and use a reference cycle: subtype_clear is never called in
> this case) and PyObject_Generic(Get|Set)Attr (the only escape path to
> python code could be through PyType_Ready; but it has already been
> called for heap types)

Well, I think we can deal with those if they are reported. Go ahead
and apply the patch.
History
Date                 User               Action  Args
2009-02-19 01:37:52  benjamin.peterson  set     recipients: + benjamin.peterson, amaury.forgeotdarc, jwp
2009-02-19 01:37:50  benjamin.peterson  link    issue5283 messages
2009-02-19 01:37:48  benjamin.peterson  create