This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author serhiy.storchaka
Recipients Mark.Shannon, benjamin.peterson, larry, lemburg, njs, pitrou, serhiy.storchaka
Date 2015-08-31.09:39:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1441013968.87.0.788307325526.issue24912@psf.upfronthosting.co.za>
In-reply-to
Content 
I agree with Nathaniel, that this bug is not so critical to be release blocker. While it definitely should be fixed, it may wait for 3.5.1. Bug reproducing is not data driven, it needs executing special Python code, and when arbitrary Python code execution is available, there are a lot of other way to crash or compromise the interpreter. But I'm not sure that allowing __class__ assignment for larger domain of types is desirable. If we will desire that it is not, any enhancements to __class__ assignment should be withdrawn. May be __class__ assignment should be discouraged, deprecated and then disabled for all classes (in 3.6+), and other ways should be proposed to solve problems that are solved with __class__ assignment.

Nathaniel, can you provide a patch, that keeps the fix of a buffer overflow, but withdraws the ability to assign __class__ in cases that were disabled before?
History
Date User Action Args
2015-08-31 09:39:28serhiy.storchakasetrecipients: + serhiy.storchaka, lemburg, pitrou, larry, benjamin.peterson, njs, Mark.Shannon
2015-08-31 09:39:28serhiy.storchakasetmessageid: <1441013968.87.0.788307325526.issue24912@psf.upfronthosting.co.za>
2015-08-31 09:39:28serhiy.storchakalinkissue24912 messages
2015-08-31 09:39:28serhiy.storchakacreate