Home - language - python - 200908 - Thread

Re: Is python buffer overflow proof?

by sturlamoldenon 2009-08-03T21:11:49+00:00

Previous thread: Questions on XML
Next thread: "PAK WEB" "PAK WEB TV" "PAK WEBSITES" "PAK WEB DIRECTORY" "PAK WEB HOSTING" &
Threads sorted by date: python 200908

On 2 Aug, 15:50, Jizzai wrote:
> Is a _pure_ python program buffer overflow proof?
>
> For example in C++ you can declare a char[9] to hold user input.
> If the user inputs 10+ chars a buffer overflow occurs.
Short answer: NO
Bounds checking on sequence types is a protection against buffer
overflow, but is certainly not sufficient.
The Python interpreter is written in C. Python extension modules are
written in C (or something similar). If you find an unprotected buffer
in this C code, you can possibly overflow this buffer. This can be
used for nasty things like corrupting the stack and injecting
malicious code. There is a reason why the Python sandbox (rexec and
Bastion modules) was disabled in Python 2.3.
IronPython and Jython provides better protection against buffer
overflow than CPython, as these interpreters are written in safer
languages (C# and Java). You thus get an extra layer of protection
between the Python code and the unsafe C (used in JVM and .NET
runtimes).

--
http://mail.python.org/mailman/listinfo/python-list

Conversations: Is python buffer overflow proof?

Is python buffer overflow proof? by Jizzai on 2009-08-02T13:56:44+00:00
Re: Is python buffer overflow proof? by Marcus Wanner on 2009-08-02T14:35:06+00:00
Re: Is python buffer overflow proof? by Christian Heimes on 2009-08-02T14:43:46+00:00
Re: Is python buffer overflow proof? by Steven D'Aprano on 2009-08-02T15:21:47+00:00
Re: Is python buffer overflow proof? by sturlamolden on 2009-08-03T21:11:49+00:00
Re: Is python buffer overflow proof? by Gabriel Genellina on 2009-08-04T01:42:03+00:00
Re: Is python buffer overflow proof? by Steven D'Aprano on 2009-08-04T03:45:28+00:00
Re: Is python buffer overflow proof? by Paul Rubin on 2009-08-04T04:36:13+00:00
Re: Is python buffer overflow proof? by Steven D'Aprano on 2009-08-04T06:10:07+00:00
Re: Is python buffer overflow proof? by Paul Rubin on 2009-08-04T08:01:49+00:00
Re: Is python buffer overflow proof? by Gabriel Genellina on 2009-08-04T08:48:54+00:00
Re: Is python buffer overflow proof? by Thorsten Kampe on 2009-08-04T11:26:54+00:00
Re: Is python buffer overflow proof? by Neil Hodgson on 2009-08-04T13:37:51+00:00
Re: Is python buffer overflow proof? by sturlamolden on 2009-08-05T03:51:51+00:00
Re: Is python buffer overflow proof? by Thorsten Kampe on 2009-08-07T13:16:51+00:00
Re: Is python buffer overflow proof? by Fuzzyman on 2009-08-07T20:55:11+00:00
Re: Is python buffer overflow proof? by Fuzzyman on 2009-08-07T21:00:23+00:00

Related Threads

Re: Is python buffer overflow proof?

Conversations: Is python buffer overflow proof?

Related Lists