safer ctype? (was GUIs - A modest Proposal)
Martin v. Loewis
martin at v.loewis.de
Sat Jun 12 20:14:46 EDT 2010
>> Notice that it's not (only) the functions themselves, but also the
>> parameters. It's absolutely easy to crash Python by calling a function
>> through ctypes that expects a pointer, and you pass an integer. The
>> machine code will dereference the pointer (trusting that it actually is
>> one), and crash.
>
> what's so bad about that? (this is a genuine, non-hostile, non-
> rhetorical, non-sarcastic question).
>
> (if the answer is "because you can't catch a segfault as a python
> exception", then the question is repeated)

It's not only that a segfault may occur, but also that you may overwrite
arbitrary memory.

What's so bad about that? Nothing per se, but some people actually like
the property that you can't crash Python with pure Python code. Those
people would want to remove ctypes. It would be unfair to them if then
large parts of the standard library stopped working, in particular as
there is no real technical reason for them to stop working.

In particular, in some applications, untrusted code is executed. In
order to execute it, all "dangerous" API functions must be removed from
the interpreter, or appropriately wrapped. In these applications,
wrapping ctypes is not feasible, so only removal would work.

Regards,
Martin
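
The following is an added example, not part of the message above or of the thread. It shows the integer-for-pointer case from the quoted text being rejected before any machine code runs, by declaring `argtypes` on the foreign function. It assumes a POSIX system where the C library's `strlen` can be loaded, and the helper names `bind`, `load_libc` and `checked_strlen` are made up for the illustration. It only guards cooperative callers, since code that can import ctypes can change or bypass the prototype, which is why it does not address the untrusted-code case.

```python
import ctypes
import ctypes.util


def bind(lib, name, restype, argtypes):
    """Return lib.<name> with an explicit prototype.

    Once argtypes is set, ctypes converts every argument through the
    declared type and raises ctypes.ArgumentError on a mismatch instead
    of handing the raw value to native code.
    """
    fn = getattr(lib, name)
    fn.restype = restype
    fn.argtypes = argtypes
    return fn


def load_libc():
    # Assumption: POSIX. find_library() may return None, in which case
    # CDLL(None) exposes the symbols already loaded into the process.
    return ctypes.CDLL(ctypes.util.find_library("c"))


def checked_strlen(value):
    """Call strlen(3) through a typed binding; return (length, error)."""
    strlen = bind(load_libc(), "strlen", ctypes.c_size_t, [ctypes.c_char_p])
    try:
        return strlen(value), None
    except ctypes.ArgumentError as exc:
        # The conversion failed in ctypes itself; strlen was never called.
        return None, str(exc)


if __name__ == "__main__":
    # Constructed inputs: a valid byte string, then an integer where
    # a char* is expected (the situation described in the quoted text).
    print(checked_strlen(b"ctypes"))
    print(checked_strlen(0x1234))
```

Without the `argtypes` declaration, ctypes would pass the integer through as a C `int` and `strlen` would dereference it.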