[issue42422] types.CodeType() has no bytecode verifier

2021-04-21 Thread Benjamin Peterson 


Change by Benjamin Peterson :


--
resolution:  -> not a bug
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42422] types.CodeType() has no bytecode verifier

2021-04-21 Thread Sofian Brabez 


Sofian Brabez  added the comment:

Thanks Victor, it's clear now.

About the updates of the crashers, I sent the updated patches to update them in 
PR [3] before the following issue [1] and PR [2] but the other seems to have 
been merged already. 

It seems my submission was totally forgot and now obsolete. So I'm gonna close 
this ticket.

[1] https://bugs.python.org/issue42734
[2] https://github.com/python/cpython/pull/23939
[3] https://github.com/python/cpython/pull/23448

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42422] types.CodeType() has no bytecode verifier

2021-04-20 Thread STINNER Victor 


STINNER Victor  added the comment:

In terms of security model, usually, if an attacker can execute arbitrary 
Python code, the game is over. Executing bytecode is the same. Python doesn't 
provide any tooling to validate bytecode in its stdlib.

https://python-security.readthedocs.io/security.html#python-security-model

If you consider that it's an important use case, you can create a project on 
PyPI to validate bytecode. I don't think that it belongs to the stdlib.

Python/ceval.c doesn't validate bytecode at runtime for performance reasons.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42422] types.CodeType() has no bytecode verifier

2021-04-20 Thread Sofian Brabez 


Sofian Brabez  added the comment:

It's been a while and I still have no clear guidance from there of what 
developers want to do.

Follow-up on this again to see if requires updates or just close it.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42422] types.CodeType() has no bytecode verifier

2020-12-07 Thread STINNER Victor 


STINNER Victor  added the comment:

> You may use https://bytecode.readthedocs.io/ which might help to write more 
> portable code, (...)

Ah, I didn't notice that at the beginning of the documentation, you can see 
that even a very simple loop has a different bytecode before and after Python 
3.8:

"Python 3.8 removed SETUP_LOOP"
https://bytecode.readthedocs.io/en/latest/usage.html#simple-loop

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42422] types.CodeType() has no bytecode verifier

2020-12-07 Thread STINNER Victor 


STINNER Victor  added the comment:

Compiled bytecode is not portable between Python versions. You may use 
https://bytecode.readthedocs.io/ which might help to write more portable code, 
but this project does not contain a bytecode verifier and I'm not sure that 
it's updated when the Python bytecode becomes backward incompatible. (I wrote 
the first version as a Proof-of-Concept of my PEP 511, but I no longer maintain 
it.)

--
title: Py_Decref on value crash the interpreter in Python/ceval.c:1104 -> 
types.CodeType() has no bytecode verifier

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com