Message 300728 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	larry, methane, serhiy.storchaka, thehesiod, vstinner
Date	2017-08-22.22:56:48
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1503442608.51.0.499709006583.issue31095@psf.upfronthosting.co.za>
In-reply-to

Content
In my experience, it's not that hard to crash CPython (without ctypes) if you know internals or just if you look into Lib/test/crashers/ :-) I agree that it's a good practice to fix crashes when there is a simple known script to crash Python. The question is more where is the limit between security and bug fixes. To be honest, the change is very safe and is very short. @Larry: It's up to you, you are the release manager :-) If we consider that the discussed bugs impact the security, I will ask for backports to 2.7, 3.3 and 3.4 as well.

In my experience, it's not that hard to crash CPython (without ctypes) if you know internals or just if you look into Lib/test/crashers/ :-)

I agree that it's a good practice to fix crashes when there is a simple known script to crash Python. The question is more where is the limit between security and bug fixes.

To be honest, the change is very safe and is very short.

@Larry: It's up to you, you are the release manager :-)

If we consider that the discussed bugs impact the security, I will ask for backports to 2.7, 3.3 and 3.4 as well.

History
Date	User	Action	Args
2017-08-22 22:56:48	vstinner	set	recipients: + vstinner, larry, methane, serhiy.storchaka, thehesiod
2017-08-22 22:56:48	vstinner	set	messageid: <1503442608.51.0.499709006583.issue31095@psf.upfronthosting.co.za>
2017-08-22 22:56:48	vstinner	link	issue31095 messages
2017-08-22 22:56:48	vstinner	create