Author gvanrossum
Recipients Antony.Lee, Jim.Jewett, Trundle, Yury.Selivanov, barry, benjamin.peterson, cvrebert, daniel.urban, eric.araujo, ethan.furman, gcbirzan, gvanrossum, jamesh, jwilk, ncoghlan, pitrou, yorik.sar
Date 2014-10-02.05:10:06
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <CAP7+vJLYf_T4_NB0ej6t9HTTsy_jVRR_MvOjcQ+aG2-zOAffxg@mail.gmail.com>
In-reply-to <1412225585.01.0.470072737898.issue12029@psf.upfronthosting.co.za>
Content
ISTM Nick meant that the exception that was raised can't cause arbitrary
code execution.

On Wednesday, October 1, 2014, Antony Lee <report@bugs.python.org> wrote:

>
> Antony Lee added the comment:
>
> "it looks like all the avenues for arbitrary code execution while checking
> if an exception handler matches a thrown an exception are closed off."
>
> This seems to be directly contradicted by your previous sentence: "the
> except clause accepts any expressions producing a tuple or BaseException
> instance".
>
> e.g.
>
> ===
>
> >>> def f(): raise AttributeError
> ...
> >>> try: raise IndexError
> ... except f(): raise KeyError
> ...
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
> IndexError
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
>   File "<stdin>", line 2, in <module>
>   File "<stdin>", line 1, in f
> AttributeError
>
> ===
>
> (note that f() is evaluated only if the body of "try" actually raises)
>
> ----------
> nosy: +Antony.Lee
>
> _______________________________________
> Python tracker <report@bugs.python.org <javascript:;>>
> <http://bugs.python.org/issue12029>
> _______________________________________
>
History
Date User Action Args
2014-10-02 05:10:07gvanrossumsetrecipients: + gvanrossum, barry, jamesh, ncoghlan, pitrou, benjamin.peterson, jwilk, eric.araujo, Trundle, cvrebert, daniel.urban, yorik.sar, ethan.furman, Yury.Selivanov, Jim.Jewett, gcbirzan, Antony.Lee
2014-10-02 05:10:07gvanrossumlinkissue12029 messages
2014-10-02 05:10:06gvanrossumcreate