[Cython] Hash-based vtables
Stefan Behnel
stefan_ml at behnel.de
Wed Jun 6 10:58:37 CEST 2012
mark florisson, 05.06.2012 22:33:
> It doesn't even necessarily have to be about running user code, a user
> could craft data input which causes such a situation. For instance,
> let's say we have a just-in-time specializer which specializes a
> function for the runtime input types, and the types depend on the user
> input. For instance, if we write a web application we can post arrays
> to described by a custom dtype, which draws pictures in some weird way
> for us. We can get it to specialize pretty much any array type, so
> that gives us a good opportunity to find collisions.
Yes, and the bad thing is that a very high probability of having no
collisions even in combination with the need for a huge amount of brute
force work to find one is not enough. An attacker (or otherwise interested
user) may just be lucky, and given how low in the application stack this
will be used, such a bit of luck may have massive consequences.
Stefan
More information about the cython-devel
mailing list