[Python-Dev] Is core dump always a bug? Advice requested
Bob Ippolito
bob at redivi.com
Tue May 11 00:49:37 EDT 2004
On May 11, 2004, at 12:20 AM, Greg Ewing wrote:
> Guido:
>
>>> As long as it's possible to attempt to execute arbitrary strings
>>> as bytecode, I'd say ceval should be robust against this.
>>
>> This ought to be a long-term project then: write a bytecode verifier.
>> It's not a trivial task!
>
> When I wrote that, I was assuming that ceval was already mostly robust
> in this respect, and that what was being reported was a new hole
> recently opened up.
>
> But it appears I was gravely mistaken, and that ceval has been full of
> gaping holes from the beginning.
>
> I'm disappointed to learn this, because I had always regarded it as an
> axiom that no Python-level code should be capable of crashing the
> interpreter, and if it can, this represents a bug. However, it seems
> this axiom has not been adhered to in the design of ceval.
Well with modules like ctypes and PyObjC becoming more common, it's
pretty easy to make the interpreter crash whenever you really want it
to :)
Python is no Java, there's not even a real attempt to bake security
into it.. only good programming practices. Doing extensive checking of
bytecode at runtime would make Python's interpreter much slower than it
already is. I can't imagine that someone with a real need for mangling
bytecode is going to need their hand held here. In most cases such a
person is probably already pretty familiar with the VM at the CPython
implementation level anyways (since it's not really documented
elsewhere, as far as I know).
As far as bytecode verification goes, I would imagine that running it
through PyPy might be good enough to see if it's sane (assuming PyPy
supports the same bytecode in a similar enough way).
-bob
More information about the Python-Dev
mailing list