Larry Hastings <la...@hastings.org> added the comment: I finally reviewed this, and I think it does need additional armor against attack. I think a user could insert a different object into the thread local dict with the hard-coded name and get CPython to crash.
This patch fixes the vulnerability: http://codereview.appspot.com/217092/show If this goes in, I'll add it to the backport for 2.7. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue5939> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
