This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients BTaskaya, Dennis Sweeney, eric.smith, sbz, vstinner
Date 2021-04-20.18:22:30
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1618942950.99.0.279976340711.issue42422@roundup.psfhosted.org>
In-reply-to
Content
In terms of security model, usually, if an attacker can execute arbitrary Python code, the game is over. Executing bytecode is the same. Python doesn't provide any tooling to validate bytecode in its stdlib.

https://python-security.readthedocs.io/security.html#python-security-model

If you consider that it's an important use case, you can create a project on PyPI to validate bytecode. I don't think that it belongs to the stdlib.

Python/ceval.c doesn't validate bytecode at runtime for performance reasons.
History
Date User Action Args
2021-04-20 18:22:31vstinnersetrecipients: + vstinner, eric.smith, sbz, BTaskaya, Dennis Sweeney
2021-04-20 18:22:30vstinnersetmessageid: <1618942950.99.0.279976340711.issue42422@roundup.psfhosted.org>
2021-04-20 18:22:30vstinnerlinkissue42422 messages
2021-04-20 18:22:30vstinnercreate