Message372788
> my only goal was to help Python community (which I love it) to improve the code quality
Thanks for trying to improve things, we do appreciate it!
The idea here is that to be able to exploit the crashing pyc file, you need to be able to run an arbitrary pyc file on the web service and to do that the attacker has to have access somehow to the interpreter. If the web service has a hole to allow that, many bad things are possible. That's true for many other languages and tools, too. So it's just not worth worrying about being able to crash with a fuzzed pyc file since, if you can exploit that, you can exploit in much easier ways. |
|
Date |
User |
Action |
Args |
2020-07-01 19:37:22 | ned.deily | set | recipients:
+ ned.deily, Iman Sharafaldin |
2020-07-01 19:37:22 | ned.deily | set | messageid: <1593632242.25.0.604036170524.issue41189@roundup.psfhosted.org> |
2020-07-01 19:37:22 | ned.deily | link | issue41189 messages |
2020-07-01 19:37:22 | ned.deily | create | |
|