Chris Angelico writes:
> Python source code is not user input though. So there has to be a way
> for someone to attack a Python-based service, like attacking a web app
> by sending HTTP requests to it.
Not sure what your point is. Of course there has to be a vector. But
as a Mailman develope
On Fri, Jan 7, 2022 at 2:57 PM Stephen J. Turnbull
wrote:
>
> Patrick Reader writes:
>
> > And Python is not like JavaScript (in the browser), where code is
> > supposed to be run in a total sandbox. Python is not supposed to be a
> > completely memory-safe language. You can always access memor
Patrick Reader writes:
> And Python is not like JavaScript (in the browser), where code is
> supposed to be run in a total sandbox. Python is not supposed to be a
> completely memory-safe language. You can always access memory manually
> using `ctypes`, or, ultimately, `/proc/self/mem`.
Tr
I think it makes good sense for the type-checking reason: _CData *does* declare
a fairly useful base interface that other classes also expose, so saying
that a function takes a _CData argument can make good sense. (As a bunch of
the methods in the io library do, for example) typeshed hacks it for t
This is also at https://bugs.python.org/issue46280. Please direct
comments there.
Eric
On 1/6/2022 8:22 AM, lxr1210--- via Python-Dev wrote:
Hi all,
I am currently doing some research on the security of CPython. I used
the open source vulnerability analysis engine,
Infer(https://fbinfer.com
On 06/01/2022 15:21, Petr Viktorin wrote:
Sometimes there's a bug worth fixing, sometimes it's even an actual
vulnerability, but in my experience, most of what tools find in
CPython is not actionable.
If you do find a security vulnerability, consider reporting it
privately to the security tea
On 06. 01. 22 14:22, lxr1210--- via Python-Dev wrote:
Hi all,
I am currently doing some research on the security of CPython. I used
the open source vulnerability analysis engine,
Infer(https://fbinfer.com/), to scan the native code of CPython 3.10.0.
The scan results show that there are stil
On Fri, Jan 7, 2022 at 1:59 AM lxr1210--- via Python-Dev
wrote:
>
> Hi all,
>
> I am currently doing some research on the security of CPython. I used the
> open source vulnerability analysis engine, Infer(https://fbinfer.com/), to
> scan the native code of CPython 3.10.0.
>
> The scan results sh
On Thu, Jan 6, 2022 at 12:33 PM Pablo Galindo Salgado
wrote:
> * https://bugs.python.org/issue46006
>
> Victor made a revert of his PR but unfortunately, we cannot easily backport
> it to 3.10 as it affects the ABI. It affects the interpreter state structure
> that although is not on the stable
Hi everyone,
An update on this. Unfortunately, we are still blocked. Some of the
blockers have been fixed (thanks to everyone involved) but the following
are still pending:
* https://bugs.python.org/issue46208
This issue has a PR being reviewed but the fix is still not merged.
* https://bugs.py