Message 152066 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	gregory.p.smith
Recipients	Arach, Arfrever, Huzaifa.Sidhpurwala, Jim.Jewett, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, eric.araujo, eric.snow, fx5, georg.brandl, grahamd, gregory.p.smith, gvanrossum, gz, jcea, lemburg, loewis, mark.dickinson, neologix, pitrou, skrah, terry.reedy, tim.peters, v+python, vstinner, zbysz
Date	2012-01-27.06:25:18
SpamBayes Score	4.5893394e-06
Marked as misclassified	No
Message-id	<CAGE7PNJRaASr_bLHDSbcMmJcjJ3CmS5s1Vo_MOkY9=UokkWYGA@mail.gmail.com>
In-reply-to	<20120127000334.Horde.aM5EaVNNcXdPIdvGl__HGMA@webmail.df.eu>

Content
>> But using non-__builtin__.str objects (such as UserString) would expose the >> user to an attack? > > Not necessarily: only if they use these strings as dictionary keys, and only > if they do so in contexts where arbitrary user input is consumed. In these > cases, users need to rewrite their code to replace the keys. Using dictionary > wrappers (such as UserDict), this is possible using only local changes. Could the AVL tree approach be extended to apply to dictionaries containing keys of any single type that supports comparison? That approach would autodetect UserString or similar and support it properly. I expect that dictionaries with keys of more than one type to be very rare and highly unlikely when it comes to values generated directly via user input. (and on top of all of this I believe we're all settled on having per interpreter hash randomization _as well_ in 3.3; but this AVL tree approach is one nice option for a backport to fix the major vulnerability) -gps

>> But using non-__builtin__.str objects (such as UserString) would expose the
>> user to an attack?
>
> Not necessarily: only if they use these strings as dictionary keys, and only
> if they do so in contexts where arbitrary user input is consumed. In these
> cases, users need to rewrite their code to replace the keys. Using dictionary
> wrappers (such as UserDict), this is possible using only local changes.

Could the AVL tree approach be extended to apply to dictionaries
containing keys of any single type that supports comparison?  That
approach would autodetect UserString or similar and support it
properly.

I expect that dictionaries with keys of more than one type to be very
rare and highly unlikely when it comes to values generated directly
via user input.

(and on top of all of this I believe we're all settled on having per
interpreter hash randomization _as well_ in 3.3; but this AVL tree
approach is one nice option for a backport to fix the major
vulnerability)

-gps

History
Date	User	Action	Args
2012-01-27 06:25:19	gregory.p.smith	set	recipients: + gregory.p.smith, lemburg, gvanrossum, tim.peters, loewis, barry, georg.brandl, terry.reedy, jcea, mark.dickinson, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, grahamd, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, Jim.Jewett, PaulMcMillan, fx5
2012-01-27 06:25:19	gregory.p.smith	link	issue13703 messages
2012-01-27 06:25:18	gregory.p.smith	create