[Python-Dev] Python 2.6.5
"Martin v. Löwis"
martin at v.loewis.de
Wed Feb 10 07:22:16 CET 2010
> On Tue, Feb 9, 2010 at 11:55 PM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
>>> Le Tue, 09 Feb 2010 12:16:15 +0200, anatoly techtonik a écrit :
>>>> I've noticed a couple of issues that 100% crash Python 2.6.4 like this
>>>> one - http://bugs.python.org/issue6608 Is it ok to release new versions
>>>> that are known to crash?
>>> I've changed this issue to release blocker. What are the other issues?
>> For a bug fix release, it should (IMO) be a release blocker *only* if
>> this is a regression in the branch or some recent bug fix release over
>> some earlier bug fix release.
>
> Is it possible to make exploits out of crashers?
It depends on the specific crasher. In Python, it depends on the
application as well. In the specific issue you mentioned, it doesn't
crash because of a memory overwrite, but because of a deliberate process
shutdown in the C runtime. So you can't construct arbitrary code
execution out of that.
Regards,
Martin
More information about the Python-Dev
mailing list