This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author steve.dower
Recipients JohnLeitch, christian.heimes, eryksun, steve.dower, tim.golden, zach.ware
Date 2016-09-24.20:58:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I think this requires arbitrary code execution as a minimum - there's no way anyone would pass a user-provided value here - so the security implications are less interesting.

All we can really do is restrict the types accepted here, which I don't think is appropriate in a maintenance release. Possibly it's not too late to deprecate in 3.6 for removal in 3.8, but it is certainly a documented feature. Checking a handle for validity is not part of user mode API, as far as I know - EAFP.
Date User Action Args
2016-09-24 20:58:29steve.dowersetrecipients: + steve.dower, christian.heimes, tim.golden, zach.ware, eryksun, JohnLeitch
2016-09-24 20:58:29steve.dowersetmessageid: <>
2016-09-24 20:58:29steve.dowerlinkissue24201 messages
2016-09-24 20:58:28steve.dowercreate