Larry Hastings added the comment:
It's only used for signatures in builtins. Any possible security hole here is
uninteresting because the evil hacker already got to run arbitrary C code in
the module init.
Because it's only used for signatures in builtins, we shouldn't encounter a
function with a mutable default value like {} or [] which gets mutated later.
Builtins don't have those.
In case you're wondering about the "trusted" parameter, that was suggested by
Nick Coghlan at the PyCon sprints. He's thinking that other callers may use
_signature_fromstr() in the future, and he wanted the API to make it clear that
future uses may be on non-trustworthy sources.
And, finally, consider that the original version already calls eval().
Admittedly it uses eval() in a way that should be much harder to exploit. But
it's not an enormous difference between the two calls.
I don't really think we need to post to python-dev about this.
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23967>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
