[Python-Dev] Reviving restricted mode?
Guido van Rossum
guido at python.org
Sun Feb 22 22:17:06 CET 2009
On Sun, Feb 22, 2009 at 12:10 PM, Greg Ewing
<greg.ewing at canterbury.ac.nz> wrote:
>> Tav is interested in using this on app engine, which doesn't care
>> about segfaults -- the process is simply restarted, nobody gains
>> access to information they shouldn't have. App engine does care about
>> overwriting memory,
>
> That doesn't make sense -- how can something not care
> about segfaults, but care about memory overwriting?
> If something is capable of causing a segfault, you
> can't be sure it won't just corrupt memory in some
> way that doesn't segfault but causes some other
> problem.
To be more precise, we don't care about crashes caused by NULL pointer
dereferencing. Most of the demonstrated crashers work by causing a
NULL pointer dereference. Since that crashes immediately, there is no
possibility for a further exploit.
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-Dev
mailing list