oss-sec mailing list archives
Re: sagemath denial of service with abort() in gmp: overflow in mpz type
From: Jeremy Stanley <fungi () yuggoth org>
Date: Tue, 6 Sep 2022 14:51:01 +0000
On 2022-09-06 16:26:58 +0300 (+0300), Georgi Guninski wrote:
If you can crash the python interpreter without syscalls and without the kernel killing it for OOM, would you call this DoS?
I didn't say it wasn't a denial of service, but you can trivially create all manner of "denials of service" (and far, far worse things too) of the CPython interpreter and anything running in it by asking it to execute arbitrary Python code. It's more a question of whether that's something that can or even should be "fixed." If a program's author chooses to intentionally pass user-supplied code to CPython, hopefully they do so knowing all the risks and informing their users of the same. -- Jeremy Stanley
Attachment:
signature.asc
Description:
Current thread:
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type, (continued)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley (Sep 06)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Michael Orlitzky (Sep 06)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeffrey Walton (Sep 06)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Seth Arnold (Sep 06)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 07)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley (Sep 07)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Russ Allbery (Sep 07)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 08)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 14)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley (Sep 06)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Jeremy Stanley (Sep 06)
- Re: sagemath denial of service with abort() in gmp: overflow in mpz type Georgi Guninski (Sep 06)