On 06/01/2022 15:21, Petr Viktorin wrote:
Sometimes there's a bug worth fixing, sometimes it's even an actual
vulnerability, but in my experience, most of what tools find in
CPython is not actionable.
If you do find a security vulnerability, consider reporting it
privately to the security team: see https://www.python.org/dev/security/
And Python is not like JavaScript (in the browser), where code is
supposed to be run in a total sandbox. Python is not supposed to be a
completely memory-safe language. You can always access memory manually
using `ctypes`, or, ultimately, `/proc/self/mem`.
For this reason, a buffer overflow in CPython is a bug because it can
cause a crash, not because it can cause a security vulnerability.
_______________________________________________
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at
https://mail.python.org/archives/list/python-dev@python.org/message/PLYRO6VSFNHIRD5FMSEK5RTZJNMTQG7G/
Code of Conduct: http://python.org/psf/codeofconduct/
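The point above, that CPython offers no memory-safety boundary against code already running in the process, can be seen with nothing but `ctypes`. The following is an added example, not part of Petr Viktorin's message or of CPython's own code; it assumes the default (GIL) CPython build, where `ob_refcnt` is the first field of every object header, and uses the real C-API function `PyBytes_AsString` through `ctypes.pythonapi`. The sample objects it operates on are constructed inside the block.

```python
"""Added example: demonstrating from pure Python that CPython enforces no
memory-safety boundary, using only the standard-library ctypes module.

Assumptions (CPython implementation details, not language guarantees):
  * default (GIL) build, where ob_refcnt is the first field of PyObject
    (the free-threaded build puts ob_tid first, so refcount_via_ctypes
    would read the wrong field there);
  * id(obj) is the object's address (true in CPython only).
"""
import ctypes
import sys


def refcount_via_ctypes(obj):
    """Read an object's reference count straight out of its header in memory.

    Uses no Python-level API at all: the value is read from the first
    Py_ssize_t at the object's address.  Note: since Python 3.12 some objects
    (small ints, single-byte bytes, None, ...) are 'immortal' and report a
    huge constant here; use a freshly created container for a sane reading.
    """
    return ctypes.c_ssize_t.from_address(id(obj)).value


def overwrite_immutable_bytes(b, new_payload):
    """Write into the payload of an 'immutable' bytes object in place.

    Immutability of bytes is a promise the language makes to Python code;
    at the memory level nothing prevents this write.  The length must not
    change, because ob_size is not updated here.  Do this only on a fresh
    object: empty and single-byte bytes are shared singletons, and module
    literals are shared code constants.
    """
    if len(new_payload) != len(b):
        raise ValueError("payload must be the same length (no resizing)")
    # PyBytes_AsString is a real public C-API call; it returns the address
    # of the object's ob_sval payload.
    as_string = ctypes.pythonapi.PyBytes_AsString
    as_string.argtypes = [ctypes.py_object]
    as_string.restype = ctypes.c_void_p
    addr = as_string(b)
    # memmove(dst, src, n): raw memory write with no bounds or type checks.
    ctypes.memmove(addr, new_payload, len(new_payload))
    return b


def read_bytes_payload(b):
    """Copy the payload of a bytes object out of raw process memory."""
    as_string = ctypes.pythonapi.PyBytes_AsString
    as_string.argtypes = [ctypes.py_object]
    as_string.restype = ctypes.c_void_p
    return ctypes.string_at(as_string(b), len(b))


if __name__ == "__main__":
    # Constructed sample objects (fresh, so none of them are immortal/shared).
    container = [1, 2, 3]
    print("refcount from memory:", refcount_via_ctypes(container),
          "sys.getrefcount:", sys.getrefcount(container))

    payload = bytes(bytearray(b"hello, world"))  # fresh object, not a constant
    overwrite_immutable_bytes(payload, b"HELLO, WORLD")
    print("after raw write:", payload, read_bytes_payload(payload))
    # Because any Python code can already do this, a memory-corruption bug in
    # CPython does not cross a security boundary: the trust boundary is the
    # process, which is the point the message above makes.
```

Running the block prints a reference count read directly from the object header and then shows a `bytes` object whose contents changed underneath a reference that still points at the same object. The practical consequence for triage is the one stated in the message: a memory-unsafe bug in the interpreter matters as a crash or data-corruption bug, and only becomes a security issue where a trust boundary (a different user, a sandbox, a network peer) is actually crossed.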