Message 372892 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	steve.dower
Recipients	christian.heimes, frankli, steve.dower, zkonge
Date	2020-07-02.22:47:13
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1593730033.27.0.769097035266.issue41162@roundup.psfhosted.org>
In-reply-to

Content
PR 21222 (with test updates) is a good fix, though we know there can still be arbitrary code executed afterwards. But it's not in a place where we can reliably hook. Probably the best thing to do is to make sure that events are raised for anything that would be required to add code there. Though that may not be feasible either, but since nobody should be doing that kind of thing deliberately, detection is just as valuable as prevention.

PR 21222 (with test updates) is a good fix, though we know there can still be arbitrary code executed afterwards. But it's not in a place where we can reliably hook.

Probably the best thing to do is to make sure that events are raised for anything that would be required to add code there. Though that may not be feasible either, but since nobody should be doing that kind of thing deliberately, detection is just as valuable as prevention.

History
Date	User	Action	Args
2020-07-02 22:47:13	steve.dower	set	recipients: + steve.dower, christian.heimes, zkonge, frankli
2020-07-02 22:47:13	steve.dower	set	messageid: <1593730033.27.0.769097035266.issue41162@roundup.psfhosted.org>
2020-07-02 22:47:13	steve.dower	link	issue41162 messages
2020-07-02 22:47:13	steve.dower	create