On Wed, Jan 11, 2006 at 07:59:50AM -0500, Barry Warsaw wrote: > BTW, although I'm pretty sure the answer is "no" (at least, I hope it > is), is anyone aware of a situation where the mere importation of a > module can cause Python to crash?
Well, I assume you aren't importing any 'hostile' code, nor running in an uncontrolled environment so I guess you mean other than running out of memory, or the module you are importing actually executing one of the ways to crash Python? Or the module being an extension module that crashes on import? Or another extension module having corrupted the Python environment to a point where a simple import crashes Python? Or a non-extension module using one of the vulnerabilities (in, say, marshal, or pickle) to corrupt the Python environment? Or stuff in os.environ, like LD_* variables, that interfere with library linking? Ponder, ponder, no, can't think of any. :) The pickle vulnerability came up last year, when someone on #python was subclassing a builtin type (string or dict, I think the latter) that was using a magical invocation of (IIRC) __new__ on unpickle. The subclassed __new__ didn't handle this right, so the baseclass __new__ wasn't getting called right, and the new object's addressspace was not initialized. This lead to crashes. I don't remember the details exactly, and my continuous advice of not subclassing builtin types unless you know what you're doing solved the issue (there was no actual need to subclass, there), and I have no idea whether that specific issue was solved or not, but I'm trying to find it again :) -- Thomas Wouters <[EMAIL PROTECTED]> Hi! I'm a .signature virus! copy me into your .signature file to help me spread! _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com