On Tue, Jun 20, 2017 at 4:48 PM, Richard Hipp <d...@sqlite.org> wrote:
> Review and criticism of this change is welcomed. > Is an artificial stack limit really necessary? i can't personally conceive of any attacks which could cause fossil to recurse unduly (but i'm also someone uncreative when it comes to attack vectors). If an attacker can inject tcl/th1 code, then sure, but if they can do that they presumably own the repo. -- ----- stephan beal http://wanderinghorse.net/home/stephan/ "Freedom is sloppy. But since tyranny's the only guaranteed byproduct of those who insist on a perfect world, freedom will have to do." -- Bigby Wolf _______________________________________________ fossil-dev mailing list fossil-dev@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev