[Python-Dev] Re: About vulnerabilities in CPython native code

2022-01-06 19:52:39 -0800

Patrick Reader writes:
 > And Python is not like JavaScript (in the browser), where code is 
 > supposed to be run in a total sandbox. Python is not supposed to be a 
 > completely memory-safe language. You can always access memory manually 
 > using `ctypes`, or, ultimately, `/proc/self/mem`.
True enough, but
 > For this reason, a buffer overflow in CPython is a bug because it can 
 > cause a crash, not because it can cause a security vulnerability.
A crash *is* a (potential) security vulnerability. If it can be
reliably triggered by user input, it's a denial of service.
Steve
_______________________________________________
Python-Dev mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at 
https://mail.python.org/archives/list/[email protected]/message/6DLOXRJO6ZEIB7XDHYHBLHFYHG3MQIVS/
Code of Conduct: http://python.org/psf/codeofconduct/
