Stefan Behnel wrote: > Sturla Molden, 02.07.2010 14:06: > >> Den 2. juli 2010 kl. 08.21 skrev Stefan Behnel: >> >> >>> Sturla Molden, 02.07.2010 06:03: >>> >>>> All programs that use PyCObject become a security problem. PyCObject >>>> makes no "type checks" on the void pointer, and can therefore be >>>> used to >>>> crash the interpreter or execute exploit code as destructor. >>>> >>> Like that was hard to do from C >>> >> PyCObject opens for exploits from Python code. >> > > Seriously, if I can make you run my Python code on your server, I doubt > that PyCObject is your main problem. > Google AppEngine, that kind of stuff. The point would be to make it faster to audit the code for such purposes, I think.
Dag Sverre _______________________________________________ Cython-dev mailing list [email protected] http://codespeak.net/mailman/listinfo/cython-dev
