[Python-Dev] Include ctypes into core Python?
Thomas Wouters
thomas at xs4all.net
Wed Jan 11 14:54:40 CET 2006
On Wed, Jan 11, 2006 at 07:59:50AM -0500, Barry Warsaw wrote:
> BTW, although I'm pretty sure the answer is "no" (at least, I hope it
> is), is anyone aware of a situation where the mere importation of a
> module can cause Python to crash?
Well, I assume you aren't importing any 'hostile' code, nor running in an
uncontrolled environment so I guess you mean other than running out of
memory, or the module you are importing actually executing one of the ways
to crash Python? Or the module being an extension module that crashes on
import? Or another extension module having corrupted the Python environment
to a point where a simple import crashes Python? Or a non-extension module
using one of the vulnerabilities (in, say, marshal, or pickle) to corrupt
the Python environment? Or stuff in os.environ, like LD_* variables, that
interfere with library linking? Ponder, ponder, no, can't think of any. :)
The pickle vulnerability came up last year, when someone on #python was
subclassing a builtin type (string or dict, I think the latter) that was
using a magical invocation of (IIRC) __new__ on unpickle. The subclassed
__new__ didn't handle this right, so the baseclass __new__ wasn't getting
called right, and the new object's addressspace was not initialized. This
lead to crashes. I don't remember the details exactly, and my continuous
advice of not subclassing builtin types unless you know what you're doing
solved the issue (there was no actual need to subclass, there), and I have
no idea whether that specific issue was solved or not, but I'm trying to
find it again :)
--
Thomas Wouters <thomas at xs4all.net>
Hi! I'm a .signature virus! copy me into your .signature file to help me spread!
More information about the Python-Dev
mailing list