Notice that it's not (only) the functions themselves, but also the
parameters. It's absolutely easy to crash Python by calling a function
through ctypes that expects a pointer, and you pass an integer. The
machine code will dereference the pointer (trusting that it actually is
one), and crash.

  what's so bad about that?  (this is a genuine, non-hostile, non-
rhetorical, non-sarcastic question).

  (if the answer is "because you can't catch a segfault as a python
exception", then the question is repeated)

It's not only that a segfault may occur, but also that you may overwrite
arbitrary memory.

What's so bad about that? Nothing per se, but some people actually like the property that you can't crash Python with pure Python code. Those people would want to remove ctypes. It would be unfair to them if then large parts of the standard library stopped working, in particular as there is no real technical reason for them to stop working.

In particular, in some applications, untrusted code is executed. In order to execute it, all "dangerous" API functions must be removed from the interpreter, or appropriately wrapped. In these applications, wrapping ctypes is not feasible, so only removal would work.

Regards,
Martin
--
http://mail.python.org/mailman/listinfo/python-list
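
The pointer-versus-integer case from the message above, as an added example that is not part of the original e-mail: the undeclared call runs in a child interpreter so the crash is contained, and the same call with a declared prototype is rejected by ctypes before any machine code runs. It assumes a POSIX system where `ctypes.CDLL(None)` exposes libc's `strlen`; the function names are hypothetical.

```python
import ctypes
import subprocess
import sys

# Child script (constructed for this example): no argtypes are declared, so
# ctypes passes the Python int 1 as a C int and strlen() treats it as an address.
UNCHECKED_CALL = """
import ctypes
libc = ctypes.CDLL(None)
libc.strlen(1)
"""


def run_unchecked_call():
    """Run the undeclared call in a child interpreter and return its exit status."""
    proc = subprocess.run([sys.executable, "-c", UNCHECKED_CALL],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode  # negative on POSIX: the child was killed by a signal


def checked_strlen(value):
    """Call strlen() with a declared prototype; ctypes validates the argument first."""
    libc = ctypes.CDLL(None)
    strlen = libc.strlen
    strlen.argtypes = [ctypes.c_char_p]   # only bytes, None or c_char data pass
    strlen.restype = ctypes.c_size_t
    return strlen(value)


def int_is_rejected():
    """True if passing an integer raises in Python instead of reaching machine code."""
    try:
        checked_strlen(1)
    except ctypes.ArgumentError:
        return True
    return False


if __name__ == "__main__":
    print("unchecked call exit status:", run_unchecked_call())
    print("integer rejected with argtypes:", int_is_rejected())
    print("checked_strlen(b'ctypes') =", checked_strlen(b"ctypes"))
```

Declaring `argtypes` only catches type mismatches; a correctly typed but invalid pointer is still dereferenced by the C function.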
