Do we have *any* known use cases where we would actually run bytecode that was suspicious enough to warrant running a well-formedness check?
In assessing security risks, the PEP notes, "Practically, it would be difficult for a malicious user to 'inject' invalid bytecode into a PVM for the purposes of exploitation, but not impossible." Can that ever occur without there being a far greater risk of malicious, but well-formed bytecode? If you download a file, foo.pyc, from an untrusted source and run it in a susceptible environment, does its well-formedness give you *any* feeling of security. I think not. There isn't anything wrong with having a verifier module, but I can't think of any benefit that would warrant changing the bytecode semantics just to facilitate one of the static stack checks. Raymond _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
