On Nov 4, 2010, at 12:49 PM, Guido van Rossum wrote: > What's the attack you're thinking of on marshal? It never executes any > code while unmarshalling (although it can unmarshal code objects -- > but the receiving program has to do something additionally to execute > those).
These issues may have been fixed now, but a long time ago I recall seeing some nasty segfaults which looked exploitable when feeding marshal malformed data. If they still exist, running a fuzzer on some pyc files should reveal them pretty quickly. When I ran across them I didn't think much of them, and probably did not even report the bug, since marshal is mostly used to load code anyway, which is implicitly trusted.
_______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
