[Python-Dev] Security implications of pep 383
Terry Reedy
tjreedy at udel.edu
Wed Mar 30 01:07:01 CEST 2011
More information about the Python-Dev mailing list
Wed Mar 30 01:07:01 CEST 2011
- Previous message: [Python-Dev] Security implications of pep 383
- Next message: [Python-Dev] Security implications of pep 383
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 3/29/2011 2:23 PM, Michael Foord wrote: > Not sure how real the security risk is here: > > http://blog.omega-prime.co.uk/?p=107 > > Basically he is saying that if you store a list of blacklisted files > with names encoded in big-5 (or some other non-utf8 compatible encoding) > if those names are passed at the command line, or otherwise read in and > decoded from an assumed-utf8 source with surrogate escaping, the > surrogate escape decoded names will not match the properly decoded > blacklisted names. I posted link to this as comment, with my summary of thread. -- Terry Jan Reedy
- Previous message: [Python-Dev] Security implications of pep 383
- Next message: [Python-Dev] Security implications of pep 383
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list