REPOST: Re: Who needs exceptions (was Re: Two languages, too similar, competing in the same space.)
Roy Smith
roy at panix.com
Sun Dec 30 11:14:36 EST 2001
Michael Stroder <michael at stroeder.com> wrote:
> Seriously, I'm sick of all the security announcements regarding
> buffer overflows and such. Not to speak of memory leaks. That's
> stone age.

On the other hand, a language like Python has its own set of potential
security holes. I guess the classic would be some variation on
exec(readline()) or eval(readline()). Sure, you're never supposed to
write anything like that, but people do it (exactly the same can be said
of not checking for buffer overflows in C).

If I was a bad guy looking to hack into machines by spoofing servers
written in python, I'd throw:

    os.popen ('echo owned::0:0:YouAreOwned:/:/bin/sh >> /etc/passwd')

at every open port I could find and see what happened. Do it to enough
machines and you might strike gold eventually.

Would you suggest we eliminate eval() and exec() from the language?
Maybe taintPython? :-)

It's also possible to write memory leaks in python. Consider something
like:

    packetLog = []
    while 1:
        request = getPacketFromSocket()
        packetLog.append (request)
        doStuffWithPacket (request)

It's pretty dumb to write something like that, but it certainly is a
memory leak.
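Added example (not part of the post above or of the list archive): a small static check, written for current Python 3, that finds the eval(readline()) / exec(readline()) pattern the post describes by flagging eval/exec calls whose code argument is computed at run time. The names find_dynamic_eval and SAMPLE are hypothetical, and the sample server source is constructed for illustration and is only parsed, never executed.

```python
import ast

DANGEROUS = {"eval", "exec"}
BUILTIN_MODULES = {"builtins", "__builtin__"}

def _call_name(func):
    """Return 'eval'/'exec' for eval(...) or builtins.eval(...), else None."""
    if isinstance(func, ast.Name) and func.id in DANGEROUS:
        return func.id
    # Only builtins.eval / builtins.exec; unrelated methods such as
    # some_object.eval(...) are deliberately not reported.
    if (isinstance(func, ast.Attribute) and func.attr in DANGEROUS
            and isinstance(func.value, ast.Name)
            and func.value.id in BUILTIN_MODULES):
        return func.attr
    return None

def find_dynamic_eval(source):
    """Return sorted (line, function) pairs for eval/exec calls whose code
    argument is not a string literal written in the source itself."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        name = _call_name(node.func)
        if name is None:
            continue
        arg = node.args[0]
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            continue  # fixed literal: the caller cannot change what runs
        findings.append((node.lineno, name))
    return sorted(findings)

# Constructed sample: a network handler and a REPL that evaluate whatever
# they read, plus one harmless literal eval that must not be reported.
SAMPLE = '''\
import sys
def handle(sock_file):
    cmd = sock_file.readline()
    return eval(cmd)
def repl():
    exec(sys.stdin.readline())
def ok():
    return eval("1 + 2")
'''

if __name__ == "__main__":
    for line, name in find_dynamic_eval(SAMPLE):
        print(f"line {line}: {name}() called on a run-time value")
```

When the input is meant to be data rather than code, ast.literal_eval() is the standard-library replacement: it accepts only Python literals and raises on anything containing a call.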