oss-sec mailing list archives
Re: sagemath denial of service with abort() in gmp: overflow in mpz type
From: Russ Allbery <eagle () eyrie org>
Date: Tue, 06 Sep 2022 09:14:46 -0700
Georgi Guninski <gguninski () gmail com> writes:

> If you can crash the python interpreter without syscalls and without the kernel killing it for OOM, would you call this DoS?

I would only call it a DoS if it crosses a privilege boundary. A user can always DoS themselves; that's just Ctrl-C. :)

The implication here may be that it's unsafe to use sagemath on untrusted input, and that by doing so one creates a DoS opportunity. This would be far (far!) from the only tool for which that's true, and thus not particularly exciting, but possibly an opportunity for better documentation.

(One could also reasonably desire that sagemath was safe for use with untrusted input as a feature, but that can be a surprisingly difficult feature to implement.)

--
Russ Allbery (eagle () eyrie org) <https://www.eyrie.org/~eagle/>