Nathaniel Smith <n...@pobox.com> added the comment:
Python's 'id' function exposes raw memory addresses constantly. As long as they're just integers, they can't do much harm. (In Rust, taking a pointer to a random object is considered totally safe, can be done anywhere. It's *dereferencing* a pointer where you need special 'unsafe' annotations.) Addresses can potentially reveal ASLR slides or heap layout to an attacker, but I think the marginal risk here is pretty low. You'd need a situation where someone is like, tricking your program into calling ctx._ssl_ctx_addr() and then sending the result to the attacker? Seems unlikely, and not something anyone worries about with 'id'. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue43902> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
