Chris Angelico writes: > Not completely, just very minorly. I'm distinguishing between attacks > that can be triggered remotely, and those which require the attacker > to run specific Python code. For example, using ctypes
OK. AFAICT that was a red herring introduced to the thread solely to support the claim "Python isn't memory-safe [anyway]" so it's not reasonable to claim a Python bug is a vulnerability. The original post didn't depend on ctypes or anything like that; it claimed there *might* be vulnerabilities in CPython's C code. If so, my claim is that they would indeed be security-relevant, regardless of what users with access to Python source might or might not be doing. Steve _______________________________________________ Python-Dev mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/ESNESNCOM72YSPOPWECSCVKFOFYJ7USP/ Code of Conduct: http://python.org/psf/codeofconduct/