Message99898
I finally reviewed this, and I think it does need additional armor against attack. I think a user could insert a different object into the thread local dict with the hard-coded name and get CPython to crash.
This patch fixes the vulnerability:
http://codereview.appspot.com/217092/show
If this goes in, I'll add it to the backport for 2.7. |
|
Date |
User |
Action |
Args |
2010-02-23 04:20:48 | larry | set | recipients:
+ larry, benjamin.peterson |
2010-02-23 04:20:48 | larry | set | messageid: <1266898848.07.0.895567929823.issue5939@psf.upfronthosting.co.za> |
2010-02-23 04:20:46 | larry | link | issue5939 messages |
2010-02-23 04:20:46 | larry | create | |
|