Message 270654 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pabstersac
Recipients	Decorater, ammar2, ned.deily, pabstersac, r.david.murray
Date	2016-07-17.17:28:08
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1468776488.08.0.00345988738889.issue27538@psf.upfronthosting.co.za>
In-reply-to

Content
I do agree it is not a very big problem, but it is still a problem. If a python program took user input (maybe HTTP server) took user input (POST values) and construct a code object with that input. It would be possible to crash it and that can be bad for the web application. Even though it is not the most important Python problem, it is still a problem which can cause moderate problems, and it can be exploited remotely if the HTTP server did what I said before. One vulnerable HTTP server is one too many ;) Hope it helps :)

I do agree it is not a very big problem, but it is still a problem. If a python program took user input (maybe HTTP server) took user input (POST values) and construct a code object with that input. It would be possible to crash it and that can be bad for the web application. Even though it is not the most important Python problem, it is still a problem which can cause moderate problems, and it can be exploited remotely if the HTTP server did what I said before. One vulnerable HTTP server is one too many ;)
Hope it helps :)

History
Date	User	Action	Args
2016-07-17 17:28:08	pabstersac	set	recipients: + pabstersac, ned.deily, r.david.murray, ammar2, Decorater
2016-07-17 17:28:08	pabstersac	set	messageid: <1468776488.08.0.00345988738889.issue27538@psf.upfronthosting.co.za>
2016-07-17 17:28:08	pabstersac	link	issue27538 messages
2016-07-17 17:28:08	pabstersac	create