Hi everyone,
An update on this. Unfortunately, we are still blocked. Some of the
blockers have been fixed (thanks to everyone involved) but the following
are still pending:
* https://bugs.python.org/issue46208
This issue has a PR being reviewed but the fix is still not merged.
* https://bugs.py
On Thu, Jan 6, 2022 at 12:33 PM Pablo Galindo Salgado
wrote:
> * https://bugs.python.org/issue46006
>
> Victor made a revert of his PR but unfortunately, we cannot easily backport
> it to 3.10 as it affects the ABI. It affects the interpreter state structure
> that although is not on the stable
On Fri, Jan 7, 2022 at 1:59 AM lxr1210--- via Python-Dev
wrote:
>
> Hi all,
>
> I am currently doing some research on the security of CPython. I used the
> open source vulnerability analysis engine, Infer (https://fbinfer.com/), to
> scan the native code of CPython 3.10.0.
>
> The scan results sh
On 06. 01. 22 14:22, lxr1210--- via Python-Dev wrote:
Hi all,
I am currently doing some research on the security of CPython. I used
the open source vulnerability analysis engine,
Infer (https://fbinfer.com/), to scan the native code of CPython 3.10.0.
The scan results show that there are stil
On 06/01/2022 15:21, Petr Viktorin wrote:
Sometimes there's a bug worth fixing, sometimes it's even an actual
vulnerability, but in my experience, most of what tools find in
CPython is not actionable.
If you do find a security vulnerability, consider reporting it
privately to the security tea
This is also at https://bugs.python.org/issue46280. Please direct
comments there.
Eric
On 1/6/2022 8:22 AM, lxr1210--- via Python-Dev wrote:
Hi all,
I am currently doing some research on the security of CPython. I used
the open source vulnerability analysis engine,
Infer(https://fbinfer.com
I think it makes good sense for the type-checking reason: _CData *does* declare
a fairly useful base interface that other classes also expose, so saying
that a function takes a _CData argument can make good sense. (As a bunch of
the methods in the io library do, for example) typeshed hacks it for t
Patrick Reader writes:
> And Python is not like JavaScript (in the browser), where code is
> supposed to be run in a total sandbox. Python is not supposed to be a
> completely memory-safe language. You can always access memory manually
> using `ctypes`, or, ultimately, `/proc/self/mem`.
Tr
On Fri, Jan 7, 2022 at 2:57 PM Stephen J. Turnbull
wrote:
>
> Patrick Reader writes:
>
> > And Python is not like JavaScript (in the browser), where code is
> > supposed to be run in a total sandbox. Python is not supposed to be a
> > completely memory-safe language. You can always access memor
Chris Angelico writes:
> Python source code is not user input though. So there has to be a way
> for someone to attack a Python-based service, like attacking a web app
> by sending HTTP requests to it.
Not sure what your point is. Of course there has to be a vector. But
as a Mailman develope
10 matches