Message 172901 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	maker
Recipients	alex, christian.heimes, eric.araujo, ezio.melotti, maker, orsenthil, r.david.murray, terry.reedy
Date	2012-10-14.18:36:50
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1350239810.82.0.107876545401.issue16083@psf.upfronthosting.co.za>
In-reply-to

Content
Well, it is a security issue IMO, but not particularly harmful. But certainly that's not a RFC violation, since I'm not sending rfc-compliant packets.[0] The best an attacker could do is to DDoS the server running HTTPServer: tracebacks may open file descriptors and/or send emails to the sysadmin, and hence the attacker could flood the server opening new file descriptors, or the email box.[0] At least, this is the worst thing that came to my mind discussing with exarkun. [0] https://twistedmatrix.com/trac/ticket/6029

Well, it is a security issue IMO, but not particularly harmful. But certainly that's not a RFC violation, since I'm not sending rfc-compliant packets.[0]  

The best an attacker could do is to DDoS the server running HTTPServer: tracebacks may open file descriptors and/or send emails to the sysadmin, and hence the attacker could flood the server opening new file descriptors, or the email box.[0]
At least, this is the worst thing that came to my mind discussing with exarkun. 

[0] https://twistedmatrix.com/trac/ticket/6029

History
Date	User	Action	Args
2012-10-14 18:36:50	maker	set	recipients: + maker, terry.reedy, orsenthil, christian.heimes, ezio.melotti, eric.araujo, alex, r.david.murray
2012-10-14 18:36:50	maker	set	messageid: <1350239810.82.0.107876545401.issue16083@psf.upfronthosting.co.za>
2012-10-14 18:36:50	maker	link	issue16083 messages
2012-10-14 18:36:50	maker	create