Author christian.heimes
Recipients Iman Sharafaldin, christian.heimes, serhiy.storchaka, vstinner
Date 2020-07-06.13:58:32
Message-id <1594043912.1.0.136714629459.issue41208@roundup.psfhosted.org>
In-reply-to
Content
Python's threat model is:
If an attacker can create a malicious PYC file and feed it to a Python process, then they already have full code execution privileges. There is no need to exploit a segfault. Because the marshal module should only be used for PYC files, they can straight out execute any Python code at import time. That's much simpler and works on all operating systems.
History
Date  User  Action  Args
2020-07-06 13:58:32  christian.heimes  set  recipients: + christian.heimes, vstinner, serhiy.storchaka, Iman Sharafaldin
2020-07-06 13:58:32  christian.heimes  set  messageid: <1594043912.1.0.136714629459.issue41208@roundup.psfhosted.org>
2020-07-06 13:58:32  christian.heimes  link  issue41208 messages
2020-07-06 13:58:32  christian.heimes  create
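
An added illustration of the point made in the message above (not part of the original message and not CPython's own code): the body of a PYC file is a marshalled code object, so loading it means running whatever its author compiled in. The module name `demo_mod`, the constant `SOURCE` and the function `pyc_runs_code_on_load` are assumptions made for this example, and the module source is constructed and harmless.

```python
import importlib.util
import marshal
import os
import py_compile
import tempfile
import types

# Constructed, harmless module source: the top-level statement stands in for
# "any Python code" that the author of a .pyc file controls.
SOURCE = "SIDE_EFFECTS = ['ran at import time']\n"


def pyc_runs_code_on_load():
    """Compile SOURCE to a .pyc, then load it the way the import system does."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "demo_mod.py")
        pyc = os.path.join(tmp, "demo_mod.pyc")
        with open(src, "w") as fh:
            fh.write(SOURCE)
        py_compile.compile(src, cfile=pyc, doraise=True)
        with open(pyc, "rb") as fh:
            data = fh.read()

    # PEP 552 layout (Python 3.7+): 4-byte magic, 4-byte flags, then 8 bytes
    # of mtime+size or source hash, followed by the marshalled code object.
    magic_ok = data[:4] == importlib.util.MAGIC_NUMBER
    code = marshal.loads(data[16:])

    # The payload is a code object, not inert data. Executing it is what
    # "import" does, so whoever wrote the file decided what runs.
    namespace = {}
    exec(code, namespace)
    return magic_ok, isinstance(code, types.CodeType), namespace["SIDE_EFFECTS"]


if __name__ == "__main__":
    print(pyc_runs_code_on_load())
```

The practical consequence for defenders is that PYC files and any other input to `marshal.loads` need the same trust and integrity controls as source code.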