Message391536
Python's 'id' function exposes raw memory addresses constantly. As long as they're just integers, they can't do much harm.
(In Rust, taking a pointer to a random object is considered totally safe, can be done anywhere. It's *dereferencing* a pointer where you need special 'unsafe' annotations.)
Addresses can potentially reveal ASLR slides or heap layout to an attacker, but I think the marginal risk here is pretty low. You'd need a situation where someone is like, tricking your program into calling ctx._ssl_ctx_addr() and then sending the result to the attacker? Seems unlikely, and not something anyone worries about with 'id'. |
|
Date |
User |
Action |
Args |
2021-04-21 17:55:13 | njs | set | recipients:
+ njs, christian.heimes, steve.dower |
2021-04-21 17:55:13 | njs | set | messageid: <1619027713.55.0.289321102203.issue43902@roundup.psfhosted.org> |
2021-04-21 17:55:13 | njs | link | issue43902 messages |
2021-04-21 17:55:13 | njs | create | |
|