Date: Tue, 6 Sep 2022 14:51:01 +0000
From: Jeremy Stanley <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: Re: sagemath denial of service with abort() in gmp: overflow in mpz type

On 2022-09-06 16:26:58 +0300 (+0300), Georgi Guninski wrote:
> If you can crash the python interpreter without syscalls and
> without the kernel killing it for OOM, would you call this DoS?

I didn't say it wasn't a denial of service, but you can trivially
create all manner of "denials of service" (and far, far worse things
too) of the CPython interpreter and anything running in it by asking
it to execute arbitrary Python code. It's more a question of whether
that's something that can or even should be "fixed." If a program's
author chooses to intentionally pass user-supplied code to CPython,
hopefully they do so knowing all the risks and informing their users
of the same.

-- 
Jeremy Stanley

Download attachment "signature.asc" of type "application/pgp-signature" (964 bytes)