[Python-Dev] XML DoS vulnerabilities and exploits in Python
Antoine Pitrou
solipsis at pitrou.net
Thu Feb 21 07:56:11 CET 2013
On Thu, 21 Feb 2013 10:38:07 +1000
Nick Coghlan <ncoghlan at gmail.com> wrote:
> On Thu, Feb 21, 2013 at 9:49 AM, Tres Seaver <tseaver at palladion.com> wrote:
> > Two words: "hash randomization". If it applies to one, it applies to
> > the other.
>
> Agreed. Christian's suggested approach sounds sane to me:
>
> - make it possible to enable safer behaviour globally in at least 2.7
> and 3.3 (and perhaps in 2.6 and 3.2 security releases as well)
> - make the safer behaviour the default in 3.4
> - make it possible to selectively disable the safeguards in all versions
+1 from me.
Regards
Antoine.
More information about the Python-Dev
mailing list