Re: [Python-Dev] [Python-checkins] cpython: Fix a comment: PySequence_Fast() creates a list, not a tuple.

2012-03-05 Thread Eli Bendersky
This fix should be applied to the documentation as well. On Tue, Mar 6, 2012 at 08:59, larry.hastings wrote: > http://hg.python.org/cpython/rev/d8f68195210e > changeset:   75448:d8f68195210e > user:        Larry Hastings > date:        Mon Mar 05 22:59:13 2012 -0800 > summary: >  Fix a comment:

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Maciej Fijalkowski
On Mon, Mar 5, 2012 at 3:40 PM, "Martin v. Löwis" wrote: >> I strongly disagree that sandbox is secure because it's "just >> segfaults" and "any code is exploitable that way". Finding segfaults >> in CPython is "easy". As in all you need is armin, a bit of coffee and >> a free day. Reasons for thi

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Martin v. Löwis
> I strongly disagree that sandbox is secure because it's "just > segfaults" and "any code is exploitable that way". Finding segfaults > in CPython is "easy". As in all you need is armin, a bit of coffee and > a free day. Reasons for this vary, but one of those is that python is > a large code base

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Victor Stinner
> For a comparison, PyPy sandbox is a compiled from higher-level > language program that by design does not have all sorts of problems > described. The amount of code you need to carefully review is very > minimal (as compared to the entire CPython interpreter). It does not > mean it has no bugs, b

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Maciej Fijalkowski
On Mon, Mar 5, 2012 at 1:21 PM, Greg Ewing wrote: > Armin Rigo wrote: >> >> For example, let's assume we can decref >> an object to 0 before its last usage, at address x.  All you need is >> the skills and luck to arrange that the memory at x becomes occupied >> by a new bigger string object alloca

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Serhiy Storchaka
05.03.12 23:47, Guido van Rossum wrote: Maybe it would make more sense to add such a test to xrange()? (Maybe not every iteration but every 10 or 100 iterations.) `sum([10**100]*100)` leads to the same effect.

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Serhiy Storchaka
05.03.12 23:16, Victor Stinner wrote: > Apply the timeout would require to modify the sum() function. sum() is just one, simple, example. Any C code could potentially run long enough. Another example is the recently discussed hashtable vulnerability: class badhash: __hash__ = int(42)._

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Victor Stinner
> Just forbid the sandboxed code from using the signal module, and set > the signal to the default action (abort). Ah yes, good idea. It may be an option because depending on the use case, failing with abort is not always the best option. The signal module is not allowed by the default policy. >

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Victor Stinner
>>> I challenge anyone to break pysandbox! I would be happy if anyone >>> breaks it because it would make it stronger. > > I tried to run the files from Lib/test/crashers and --- kind of > obviously --- I found at least two of them that still segfault > execfile.py, sometimes with minor edit

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Guido van Rossum
On Mon, Mar 5, 2012 at 1:16 PM, Victor Stinner wrote: > 2012/3/5 Serhiy Storchaka : >> 05.03.12 11:09, Victor Stinner wrote: >> >>> pysandbox uses SIGALRM with a timeout of 5 seconds by default. You can >>> change this timeout or disable it completely. >>> >>> pysandbox doesn't provide a func

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Antoine Pitrou
On Tue, 06 Mar 2012 10:21:12 +1300 Greg Ewing wrote: > > What you seem to be saying is "Python cannot be sandboxed, > because any code can have bugs." Or, "Nothing is ever 100% secure, > because the universe is not perfect." Which is true, but not in > a very interesting way. There is a differen

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Greg Ewing
Armin Rigo wrote: For example, let's assume we can decref an object to 0 before its last usage, at address x. All you need is the skills and luck to arrange that the memory at x becomes occupied by a new bigger string object allocated at "x - small_number". That's a lot of assumptions. When you

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Victor Stinner
2012/3/5 Serhiy Storchaka : > 05.03.12 11:09, Victor Stinner wrote: > >> pysandbox uses SIGALRM with a timeout of 5 seconds by default. You can >> change this timeout or disable it completely. >> >> pysandbox doesn't provide a function to limit the memory yet, you have >> to do it manually. It

Re: [Python-Dev] Exceptions in comparison operators

2012-03-05 Thread Guido van Rossum
On Mon, Mar 5, 2012 at 4:41 AM, Mark Shannon wrote: > Comparing two objects (of the same type for simplicity) > involves a three stage lookup: > The class has the operator C.__eq__ > It can be applied to operator (descriptor protocol): C().__eq__ > and it produces a result: C().__eq__(C()) > > Exc

Re: [Python-Dev] Why does Mac OS X python share site-packages with apple python?

2012-03-05 Thread Ned Deily
[edited for clarity] In article , Ned Deily wrote: > [...] It affects > user-installed framework-build Pythons, such as those provided by > python.org installers, allowing [the user-installed Pythons] to [use] > distributions that [were] explicitly > installed by the user [into] the system Py

Re: [Python-Dev] Why does Mac OS X python share site-packages with apple python?

2012-03-05 Thread Ned Deily
In article <4f54c6c3.9040...@netwok.org>, Éric Araujo wrote: > On 03/03/2012 22:57, Ned Deily wrote: > > The python.org OS X Pythons (and built-from-source framework builds) add > > the Apple-specific directory to the search path in order to allow > > sharing of installed third-party package

[Python-Dev] Misc/NEWS in 2.7 and 3.2

2012-03-05 Thread Éric Araujo
Hi, I noticed that the top-level section in Misc/NEWS (i.e. the section where we add entries) for 3.3 is for 3.3.0a2 (the next release), but in 2.7 and 3.2 we’re still adding entries to the sections corresponding to the last RCs. Will the RMs move things when they merge back their release clones,

Re: [Python-Dev] Why does Mac OS X python share site-packages with apple python?

2012-03-05 Thread Éric Araujo
Hi, On 03/03/2012 22:57, Ned Deily wrote: > The python.org OS X Pythons (and built-from-source framework builds) add > the Apple-specific directory to the search path in order to allow > sharing of installed third-party packages between the two. The interesting thing to me here is that Ned’s

Re: [Python-Dev] [RELEASED] Python 3.3.0 alpha 1

2012-03-05 Thread Ned Batchelder
On 3/5/2012 2:54 AM, Georg Brandl wrote: On behalf of the Python development team, I'm happy to announce the first alpha release of Python 3.3.0. This is a preview release, and its use is not recommended in production settings. Python 3.3 includes a range of improvements of the 3.x series, as w

[Python-Dev] Exceptions in comparison operators

2012-03-05 Thread Mark Shannon
Comparing two objects (of the same type for simplicity) involves a three stage lookup: The class has the operator C.__eq__ It can be applied to operator (descriptor protocol): C().__eq__ and it produces a result: C().__eq__(C()) Exceptions can be raised in all 3 phases, but an exception in the fi

Re: [Python-Dev] Sandboxing Python

2012-03-05 Thread Victor Stinner
>>> You can't solve the too much time, without solving the halting problem, >> >> Not sure what you mean by that.  It seems to me that it's particularly >> easy to do in a roughly portable way, with alarm() for example on all >> UNIXes. > > What time should you set the alarm for? How much time is e

[Python-Dev] Remove f_yieldfrom attribute from frameobject

2012-03-05 Thread Mark Shannon
Could we remove the f_yieldfrom attribute from frameobject (at the Python level) before it is too late and we are stuck with it. Issue (with patch) here: http://bugs.python.org/issue13970 Cheers, Mark.