
Author njs
Recipients christian.heimes, njs, steve.dower
Date 2021-04-21.17:55:13
Message-id <1619027713.55.0.289321102203.issue43902@roundup.psfhosted.org>
Content
Python's 'id' function exposes raw memory addresses constantly. As long as they're just integers, they can't do much harm.

(In Rust, taking a pointer to a random object is considered totally safe, can be done anywhere. It's *dereferencing* a pointer where you need special 'unsafe' annotations.)

Addresses can potentially reveal ASLR slides or heap layout to an attacker, but I think the marginal risk here is pretty low. You'd need a situation where someone is like, tricking your program into calling ctx._ssl_ctx_addr() and then sending the result to the attacker? Seems unlikely, and not something anyone worries about with 'id'.
History
Date User Action Args
2021-04-21 17:55:13 njs set recipients: + njs, christian.heimes, steve.dower
2021-04-21 17:55:13 njs set messageid: <1619027713.55.0.289321102203.issue43902@roundup.psfhosted.org>
2021-04-21 17:55:13 njs link issue43902 messages
2021-04-21 17:55:13 njs create
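
The relationship between `id` values and ASLR that the message describes can be measured directly. The following is an added example, not part of the original message: it starts several fresh interpreters and reports which bits of the reported `id` values change from run to run, relying on the CPython implementation detail that `id` returns the object's memory address. The function names are illustrative.

```python
import subprocess
import sys

# Child program: print the id CPython reports for a static object
# (None lives in the interpreter image) and for a fresh heap object.
CHILD = "print(id(None), id(object()))"


def sample_ids(runs=5):
    """Start `runs` fresh interpreters and collect (static_id, heap_id) pairs."""
    samples = []
    for _ in range(runs):
        out = subprocess.run(
            [sys.executable, "-c", CHILD],
            capture_output=True, text=True, check=True,
        ).stdout.split()
        samples.append((int(out[0]), int(out[1])))
    return samples


def varying_bits(addresses):
    """Return a mask of the bit positions that are not identical in all values."""
    mask = 0
    first = addresses[0]
    for addr in addresses[1:]:
        mask |= first ^ addr
    return mask


def report(samples):
    """Summarise how much of each address changes between runs."""
    static_mask = varying_bits([s for s, _ in samples])
    heap_mask = varying_bits([h for _, h in samples])
    return {
        "static_varying_bits": bin(static_mask).count("1"),
        "heap_varying_bits": bin(heap_mask).count("1"),
        "static_mask": hex(static_mask),
        "heap_mask": hex(heap_mask),
    }


if __name__ == "__main__":
    collected = sample_ids()
    for static_id, heap_id in collected:
        print(f"id(None)={static_id:#x}  id(object())={heap_id:#x}")
    print(report(collected))
```

A mask of zero for `id(None)` means the interpreter image was loaded at the same base in every run; a non-zero mask shows the bits an address disclosure would reveal.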