On 2 July 2010 01:03, Sturla Molden <[email protected]> wrote: > Lisandro Dalcin skrev: >> In Python 2.7, creating a PyCObject is marked with >> PendingDeprecationWarning... Should we special case 2.7 and use >> PyCapsule ? >> >> > All programs that use PyCObject become a security problem. PyCObject > makes no "type checks" on the void pointer, and can therefore be used to > crash the interpreter or execute exploit code as destructor. "Type > checking" void pointers might seem like a misnomer. But what PyCapsule > does is to associalte the pointer with a name (a character string), that > sort of acts like an access password or run-time type information. >
1) PyCObject_FromVoidPtrAndDesc() and PyCObject_GetDesc() serve to associate extra info on the pointer. 2) IMHO, the way to better handle the security issue is by providing slots and API's in module and type objects. But at this point, discussing on this is pointless. I'm just asking if Cython should avoid the warning/error when running under "python -W default/error ..." . I think we should fix it, I volunteer to do it. Sturla, I should count your comment as a +1, right?. What other people think? -- Lisandro Dalcin --------------- CIMEC (INTEC/CONICET-UNL) Predio CONICET-Santa Fe Colectora RN 168 Km 472, Paraje El Pozo Tel: +54-342-4511594 (ext 1011) Tel/Fax: +54-342-4511169 _______________________________________________ Cython-dev mailing list [email protected] http://codespeak.net/mailman/listinfo/cython-dev
