when format strings attack

Gabriel Genellina gagsl-py at yahoo.com.ar
Fri Jan 19 11:59:37 EST 2007


"Nick Maclaren" <nmm1 at cus.cam.ac.uk> wrote in message
news:eoqr1s$khg$1 at gemini.csx.cam.ac.uk...
> In article <mailman.2908.1169221530.32031.python-list at python.org>,
> "Gabriel Genellina" <gagsl-py at yahoo.com.ar> writes:
> |>
> |> Pure Python programs are not affected, but a review of the C implementation
> |> should be made to see if any (variant of) printf is used without a proper
> |> format. Anyway I doubt you could find something, because the vulnerability
> |> is so well known for ages.
>
> Not really.  There are LOTS of vulnerabilities that have been known
> for ages and are still legion.  The reason that this is unlikely is
> that it is both easy to spot and trivial to fix.

Yes... Anyway, unless someone actually *does* revise the code, whether it's easy
or not has no importance. I think that some automated tools were used to find
problems, but I don't know if this specific vulnerability was searched for.

-- 
Gabriel Genellina
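
The kind of review discussed in this thread, sketched as an added example (not part of the original post and not CPython's code): a heuristic C checker that flags printf-family calls whose format argument is not a string literal. The names `FAMILY`, `nth_arg` and `nonliteral_format` and the sample lines are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* printf-family functions and the 0-based position of their format argument. */
static const struct { const char *name; int fmt_index; } FAMILY[] = {
    {"printf", 0}, {"fprintf", 1}, {"sprintf", 1}, {"snprintf", 2}, {"syslog", 1},
};

/* Start of argument `index` in a call (p is just past '('), or NULL if absent. */
static const char *nth_arg(const char *p, int index) {
    int depth = 0, in_str = 0;
    while (index > 0 && *p) {
        char c = *p++;
        if (in_str) {
            if (c == '\\' && *p) p++;            /* skip the escaped character */
            else if (c == '"') in_str = 0;
        } else if (c == '"') in_str = 1;
        else if (c == '(') depth++;
        else if (c == ')') { if (depth-- == 0) return NULL; }
        else if (c == ',' && depth == 0) index--;
    }
    while (isspace((unsigned char)*p)) p++;
    return (*p && *p != ')') ? p : NULL;
}

/* 1 if a printf-family call on this line has a non-literal format (heuristic, no macro expansion). */
int nonliteral_format(const char *line) {
    for (size_t i = 0; i < sizeof FAMILY / sizeof FAMILY[0]; i++) {
        const char *name = FAMILY[i].name, *hit = line;
        for (; (hit = strstr(hit, name)) != NULL; hit++) {
            if (hit > line && (isalnum((unsigned char)hit[-1]) || hit[-1] == '_')) continue;
            const char *p = hit + strlen(name);  /* whole identifier, expect '(' */
            while (isspace((unsigned char)*p)) p++;
            if (*p != '(') continue;
            const char *arg = nth_arg(p + 1, FAMILY[i].fmt_index);
            if (arg && *arg != '"') return 1;    /* format is a variable or expression */
        }
    }
    return 0;
}

int main(void) {
    const char *samples[] = {                    /* constructed sample lines */
        "printf(msg);", "printf(\"%s\", msg);", "fprintf(stderr, buf);",
        "snprintf(out, sizeof(out), \"%s\", user);" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s %s\n", samples[i], nonliteral_format(samples[i]) ? "REVIEW" : "ok");
}
```

GCC and Clang perform a more reliable version of this check with `-Wformat -Wformat-security`; the fix for a flagged call is to pass the text as data, e.g. `printf("%s", msg)`.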




