oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: sagemath denial of service with abort() in gmp: overflow in mpz type

From: Jeremy Stanley <fungi () yuggoth org>
Date: Tue, 6 Sep 2022 14:51:01 +0000
On 2022-09-06 16:26:58 +0300 (+0300), Georgi Guninski wrote:

If you can crash the python interpreter without syscalls and
without the kernel killing it for OOM, would you call this DoS?


I didn't say it wasn't a denial of service, but you can trivially
create all manner of "denials of service" (and far, far worse things
too) of the CPython interpreter and anything running in it by asking
it to execute arbitrary Python code. It's more a question of whether
that's something that can or even should be "fixed." If a program's
author chooses to intentionally pass user-supplied code to CPython,
hopefully they do so knowing all the risks and informing their users
of the same.
-- 
Jeremy Stanley

Attachment: signature.asc
Description:

Previous By Date Next
Previous By Thread Next

Current thread: