On Mon, Sep 29, 2008 at 12:02 PM, Giampaolo Rodola' <[EMAIL PROTECTED]> wrote:
> On 27 Sep, 20:04, "Josiah Carlson" <[EMAIL PROTECTED]> wrote:
>> On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner
>> <[EMAIL PROTECTED]> wrote:
>> > Second, I would like to help to fix all Python security issues. It looks
>> > like Python community isn't very reactive (proactive?) about security.
>> > Eg. a DoS was reported in smtpd server (integrated to Python)... 15 months
>> > ago. A patch is available but it's not applied in Python trunk.
>>
>> The smtpd module is not meant to be used without modification. It is
>> the responsibility of the application writer to decide the limitations
>> of the emails they want to allow sending, and subsequently handle the
>> case where emails overrun that limit.
>
> The issue does not concern the emails but the buffer used internally
> to store the received raw data sent by client.
> The user who wants to fix the issue (#1745035) should override the
> collect_incoming_data method which is usually not meant to be
> modified.
> Moreover, there are two RFCs which state that extremely long lines
> must be truncated and an error reply must be returned.

We can and should discuss the specifics of this item in the bug report
itself. I should have replied there instead.

 - Josiah
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
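
The bounded line buffer discussed in the thread (override `collect_incoming_data`, truncate over-long lines, return an error reply), as an added sketch that is not code from the thread, the bug report or the smtpd module. The class name, the 512-byte cap and the reply strings are assumptions chosen for illustration; the class only mimics the asynchat callback pair so it runs without a socket.

```python
MAX_LINE = 512  # assumed per-line cap in bytes; not a value taken from the thread


class BoundedLineCollector:
    """Hypothetical stand-in for an asynchat-style channel: the framework calls
    collect_incoming_data() for each raw chunk and found_terminator() once the
    line terminator has been seen."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self._chunks, self._size, self._overflow = [], 0, False
        self.lines = []    # lines accepted for command processing
        self.replies = []  # what would be pushed back to the client

    @property
    def buffered(self):
        return self._size

    def collect_incoming_data(self, data):
        if self._overflow:
            return  # line already over the cap: drop the rest, keep memory flat
        room = self.max_line - self._size
        if len(data) > room:
            data = data[:room]     # truncate instead of growing without bound
            self._overflow = True
        self._chunks.append(data)
        self._size += len(data)

    def found_terminator(self):
        line, overflow = b"".join(self._chunks), self._overflow
        self._chunks, self._size, self._overflow = [], 0, False
        if overflow:
            self.replies.append(b"500 Error: line too long")  # assumed reply text
            return
        self.lines.append(line)
        self.replies.append(b"250 Ok")


def demo():
    """Constructed input: a normal command, ~10 MB with no terminator, a command."""
    c = BoundedLineCollector()
    c.collect_incoming_data(b"MAIL FROM:<a@example.org>")
    c.found_terminator()
    for _ in range(10_000):
        c.collect_incoming_data(b"A" * 1024)
    peak = c.buffered  # stays at the cap however much the client sends
    c.found_terminator()
    c.collect_incoming_data(b"QUIT")
    c.found_terminator()
    return c, peak
```
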