On Fri, Jan 7, 2022 at 2:57 PM Stephen J. Turnbull <stephenjturnb...@gmail.com> wrote:
>
> Patrick Reader writes:
>
> > And Python is not like JavaScript (in the browser), where code is
> > supposed to be run in a total sandbox. Python is not supposed to be a
> > completely memory-safe language. You can always access memory manually
> > using `ctypes`, or, ultimately, `/proc/self/mem`.
>
> True enough, but
>
> > For this reason, a buffer overflow in CPython is a bug because it can
> > cause a crash, not because it can cause a security vulnerability.
>
> A crash *is* a (potential) security vulnerability. If it can be
> reliably triggered by user input, it's a denial of service.
>

Python source code is not user input though. So there has to be a way
for someone to attack a Python-based service, like attacking a web app
by sending HTTP requests to it.

ChrisA
_______________________________________________
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/4327CU63W745JGSQM4RO7M77F7BNXSUI/
Code of Conduct: http://python.org/psf/codeofconduct/