STINNER Victor <vstin...@python.org> added the comment:
In terms of security model, usually, if an attacker can execute arbitrary Python code, the game is over. Executing bytecode is the same. Python doesn't provide any tooling to validate bytecode in its stdlib. https://python-security.readthedocs.io/security.html#python-security-model If you consider that it's an important use case, you can create a project on PyPI to validate bytecode. I don't think that it belongs to the stdlib. Python/ceval.c doesn't validate bytecode at runtime for performance reasons. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue42422> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
