This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author larry
Recipients benjamin.peterson, larry
Date 2010-02-23.04:20:46
SpamBayes Score 0.0032857775
Marked as misclassified No
Message-id <1266898848.07.0.895567929823.issue5939@psf.upfronthosting.co.za>
In-reply-to
Content
I finally reviewed this, and I think it does need additional armor against attack.  I think a user could insert a different object into the thread local dict with the hard-coded name and get CPython to crash.

This patch fixes the vulnerability:
http://codereview.appspot.com/217092/show

If this goes in, I'll add it to the backport for 2.7.
History
Date User Action Args
2010-02-23 04:20:48larrysetrecipients: + larry, benjamin.peterson
2010-02-23 04:20:48larrysetmessageid: <1266898848.07.0.895567929823.issue5939@psf.upfronthosting.co.za>
2010-02-23 04:20:46larrylinkissue5939 messages
2010-02-23 04:20:46larrycreate