Message 372788 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ned.deily
Recipients	Iman Sharafaldin, ned.deily
Date	2020-07-01.19:37:22
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1593632242.25.0.604036170524.issue41189@roundup.psfhosted.org>
In-reply-to

Content
> my only goal was to help Python community (which I love it) to improve the code quality Thanks for trying to improve things, we do appreciate it! The idea here is that to be able to exploit the crashing pyc file, you need to be able to run an arbitrary pyc file on the web service and to do that the attacker has to have access somehow to the interpreter. If the web service has a hole to allow that, many bad things are possible. That's true for many other languages and tools, too. So it's just not worth worrying about being able to crash with a fuzzed pyc file since, if you can exploit that, you can exploit in much easier ways.

> my only goal was to help Python community (which I love it) to improve the code quality

Thanks for trying to improve things, we do appreciate it!

The idea here is that to be able to exploit the crashing pyc file, you need to be able to run an arbitrary pyc file on the web service and to do that the attacker has to have access somehow to the interpreter. If the web service has a hole to allow that, many bad things are possible. That's true for many other languages and tools, too.  So it's just not worth worrying about being able to crash with a fuzzed pyc file since, if you can exploit that, you can exploit in much easier ways.

History
Date	User	Action	Args
2020-07-01 19:37:22	ned.deily	set	recipients: + ned.deily, Iman Sharafaldin
2020-07-01 19:37:22	ned.deily	set	messageid: <1593632242.25.0.604036170524.issue41189@roundup.psfhosted.org>
2020-07-01 19:37:22	ned.deily	link	issue41189 messages
2020-07-01 19:37:22	ned.deily	create