Message373117
Python's thread model is:
If an attacker can create a malicious PYC file and feed it to a Python process, then they already have full code execution privileges. There is no need to exploit a segfault. Because the marshal module should only be used for PYC files, they can straight out execute any Python code at import time. That's much simpler and works on all operating systems. |
|
Date |
User |
Action |
Args |
2020-07-06 13:58:32 | christian.heimes | set | recipients:
+ christian.heimes, vstinner, serhiy.storchaka, Iman Sharafaldin |
2020-07-06 13:58:32 | christian.heimes | set | messageid: <1594043912.1.0.136714629459.issue41208@roundup.psfhosted.org> |
2020-07-06 13:58:32 | christian.heimes | link | issue41208 messages |
2020-07-06 13:58:32 | christian.heimes | create | |
|