Message82439
I carefully looked at all places that store ->ob_type or Py_TYPE() in a
local variable, and I could not find any exploit. Most places don't
reuse the type once the method or the slot has been called.
Two places were harder to analyze: subtype_clear (but an attack would
use __del__, and use a reference cycle: subtype_clear is never called in
this case) and PyObject_Generic(Get|Set)Attr (the only escape path to
Python code could be through PyType_Ready; but it has already been
called for heap types).

Date | User | Action | Args
2009-02-18 22:51:08 | amaury.forgeotdarc | set | recipients: + amaury.forgeotdarc, benjamin.peterson, jwp
2009-02-18 22:51:08 | amaury.forgeotdarc | set | messageid: <1234997468.76.0.386676067446.issue5283@psf.upfronthosting.co.za>
2009-02-18 22:51:06 | amaury.forgeotdarc | link | issue5283 messages
2009-02-18 22:51:06 | amaury.forgeotdarc | create |