Message 205880 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ncoghlan
Recipients	Jim.Jewett, Trundle, Yury.Selivanov, barry, benjamin.peterson, cvrebert, daniel.urban, eric.araujo, ethan.furman, gcbirzan, gvanrossum, jamesh, jwilk, ncoghlan, pitrou, yorik.sar
Date	2013-12-11.04:37:45
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1386736665.99.0.348645555785.issue12029@psf.upfronthosting.co.za>
In-reply-to

Content
Ah, you're right - I found the example I was thinking of (Richard Jones's "Don't do this!" talk), and it was just demonstrating that the except clause accepts any expressions producing a tuple or BaseException instance, not that we call __iter__ at that point. And since we do identity checks for the exception type matching (rather than equality checks), it looks like all the avenues for arbitrary code execution while checking if an exception handler matches a thrown an exception are closed off.

Ah, you're right - I found the example I was thinking of (Richard Jones's "Don't do this!" talk), and it was just demonstrating that the except clause accepts any expressions producing a tuple or BaseException instance, not that we call __iter__ at that point.

And since we do identity checks for the exception type matching (rather than equality checks), it looks like all the avenues for arbitrary code execution while checking if an exception handler matches a thrown an exception are closed off.

History
Date	User	Action	Args
2013-12-11 04:37:46	ncoghlan	set	recipients: + ncoghlan, gvanrossum, barry, jamesh, pitrou, benjamin.peterson, jwilk, eric.araujo, Trundle, cvrebert, daniel.urban, yorik.sar, ethan.furman, Yury.Selivanov, Jim.Jewett, gcbirzan
2013-12-11 04:37:45	ncoghlan	set	messageid: <1386736665.99.0.348645555785.issue12029@psf.upfronthosting.co.za>
2013-12-11 04:37:45	ncoghlan	link	issue12029 messages
2013-12-11 04:37:45	ncoghlan	create