Benjamin Peterson <benja...@python.org> added the comment:

On Wed, Feb 18, 2009 at 4:51 PM, Amaury Forgeot d'Arc <rep...@bugs.python.org> wrote:
>
> Amaury Forgeot d'Arc <amaur...@gmail.com> added the comment:
>
> I carefully looked at all places that store ->ob_type or Py_TYPE() in a
> local variable, and I could not find any exploit. Most places don't
> reuse the type once the method or the slot has been called.

Thanks for looking!

>
> Two places were harder to analyze: subtype_clear (but an attack would
> use __del__, and use a reference cycle: subtype_clear is never called in
> this case) and PyObject_Generic(Get|Set)Attr (the only escape path to
> python code could be through PyType_Ready; but it has already been
> called for heap types)

Well, I think we can deal with those if they are reported. Go ahead
and apply the patch.

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue5283>
_______________________________________