[Python-Dev] Possible bugs and security holes in getpass.py

Guido van Rossum guido at python.org
Mon Dec 1 23:31:56 EST 2003


> 1,2,3,5 are possible security holes in addition to being possible bugs.
> 
> Although I don't completely understand all the details, it appears
> to me that getpass.c is more correct than getpass.py.

Sorry, but this just doesn't make sense.  There are so many
differences between C and Python that you can't just compare a C and a
Python version of a function and point at the differences as
possible security holes or bugs.  If you want to be helpful, please
try to understand the details, and then see if there are *actual* bugs
or security holes instead of just "possible" ones.

Looking for security issues is serious business.  (It pays my
bills. :-)  But people shouldn't go around pointing out "possible"
security holes without understanding what they are talking about --
spreading fear doesn't help real security.  It is unlikely that a
beginning programmer can find a security hole in a piece of software
without dumb luck.

--Guido van Rossum (home page: http://www.python.org/~guido/)


