Armin Rigo wrote:
> For example, let's assume we can decref an object to 0 before its last usage, at address x. All you need is the skills and luck to arrange that the memory at x becomes occupied by a new bigger string object allocated at "x - small_number".

That's a lot of assumptions. When you claimed that *any* segfault bug could be turned into an arbitrary-code exploit, it sounded like you had a provably general procedure in mind for doing so, but it seems not.

In any case, I think Victor is right to object to his sandbox being shot down on such grounds. The same thing equally applies to any method of sandboxing any computation, whether it involves Python or not. Even if you fork a separate process running code written in Befunge, it could be prone to this kind of attack if there is a bug in it.

What you seem to be saying is "Python cannot be sandboxed, because any code can have bugs." Or, "Nothing is ever 100% secure, because the universe is not perfect." Which is true, but not in a very interesting way.

-- 
Greg