Buffer overflows?
Andrew M. Kuchling
akuchlin at mems-exchange.org
Fri May 26 13:25:15 EDT 2000
aahz at netcom.com (Aahz Maruch) quoted Michael Ströder:
> >Well, it's obvious that there are no problems with string buffers
> >(like strcpy() in C) within pure Python code. But many modules (e.g.
> >socket) are wrapping C code. How about these modules? Are there any
> >security reviews of the C code of the Python library?
Not as far as I know. I went on a search-and-destroy mission for
unchecked sprintf("%s",...) calls a long time ago (pre-1.5, I think),
but I don't really know anything about security auditing. It would be
nice to know if anyone has carefully audited Python, or if anyone is
willing to do so. Wasn't there a linux-audit mailing list where
people would volunteer to audit stuff? Or maybe the OpenBSD group has
looked at Python?
--
A.M. Kuchling http://starship.python.net/crew/amk/
Perl is worse than Python because people wanted it worse.
-- Larry Wall, 14 Oct 1998