On 22 May 2017 at 19:17, Steve Dower <steve.do...@python.org> wrote:
> One of the main reasons we are stuck with an old libffi fork in CPython is
> because the newer versions do not support protection from calling functions
> with too few/many arguments:
>
> https://docs.python.org/3/library/ctypes.html?highlight=ctypes#calling-functions
>
> There are a number of caveats here, including "this only works on Windows",
> but since it is documented we cannot just remove the behaviour without a
> deprecation period.
>
> I'd like to propose a highly-accelerated deprecation period for this
> specific feature, starting in CPython 3.6.2 and being "completed" in 3.7.0,
> when we will hopefully move onto a newer libffi.
>
> In general, the "feature" is a misfeature anyway, since calling a native
> function with incorrect arguments is unsupported and a very easy way to
> cause information leakage or code execution vulnerabilities. There may be an
> argument for removing the functionality immediately, but honestly I think
> changing libffi in a point release is higher risk.
>
> Once the special protection is removed, most of these cases will become
> OSError due to the general protection against segmentation faults. Some will
> undoubtedly fall through the cracks and crash the entire interpreter, but
> these are unavoidable (and really ought to crash to avoid potential
> exploits).
>
> Does anyone have any reasons to oppose this? It already has votes from
> another Windows expert and the 3.6/3.7 Release Manager, but we wanted to see
> if anyone has a concern we haven't thought of.

+1 from me.
Paul
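
An added example, not part of the original thread or of CPython's code: one way for calling code to stop relying on the runtime argument-count protection discussed above is to declare `argtypes` and check the count in Python before the native call. The names `strict`, `ArityError`, `native_add` and `checked_add` are hypothetical, and the "native" function is a constructed stand-in built from a Python callback so the block runs on any platform.

```python
import ctypes


class ArityError(TypeError):
    """Raised before the native call when the argument count is wrong."""


def strict(func):
    """Return a wrapper that calls `func` only with exactly len(argtypes) arguments."""
    argtypes = func.argtypes
    if argtypes is None:
        # No prototype declared: ctypes would pass any number of arguments through.
        raise ArityError("refusing to wrap a function without declared argtypes")
    expected = len(argtypes)

    def call(*args):
        # ctypes itself rejects too few arguments once argtypes is set, but it
        # accepts extra ones for cdecl functions, so check for an exact match.
        if len(args) != expected:
            raise ArityError(f"expected {expected} arguments, got {len(args)}")
        return func(*args)

    return call


# Constructed stand-in for a native function: a Python callback behind a C
# function pointer with the prototype int (*)(int, int).
ADD_PROTO = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.c_int, ctypes.c_int)
native_add = ADD_PROTO(lambda a, b: a + b)
checked_add = strict(native_add)

if __name__ == "__main__":
    print(checked_add(2, 3))
    for bad in ((1,), (1, 2, 3)):
        try:
            checked_add(*bad)
        except ArityError as exc:
            print("rejected:", exc)
```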