[Python-Dev] Python possible vulnerabilities in concurrency

Koos Zevenhoven k7hoven at gmail.com
Fri Nov 17 08:40:58 EST 2017


On Thu, Nov 16, 2017 at 6:53 AM, Guido van Rossum <guido at python.org> wrote:

> On Wed, Nov 15, 2017 at 6:50 PM, Guido van Rossum <guido at python.org>
> wrote:
>
>> Actually it linked to
>> http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html
>> from which I managed to download what looks like the complete
>> c061457_ISO_IEC_TR_24772_2013.pdf (336 pages) after clicking on an
>> "I accept" button (I didn't read what I accepted :-). The $200 is for
>> the printed copy I presume.
>
> So far I learned one thing from the report. They use the term
> "vulnerabilities" liberally, defining it essentially as "bug":
>
>> All programming languages contain constructs that are incompletely
>> specified, exhibit undefined behaviour, are implementation-dependent, or
>> are difficult to use correctly. The use of those constructs may therefore
>> give rise to *vulnerabilities*, as a result of which, software programs
>> can execute differently than intended by the writer.
>
> They then go on to explain that sometimes vulnerabilities can be
> exploited, but I object to calling all bugs vulnerabilities -- that's just
> using a scary word to get attention for a sleep-inducing document
> containing such gems as "Use floating-point arithmetic only when absolutely
> needed" (page 230).

I don't like such a definition of "vulnerability" either. Some bugs can be
vulnerabilities (those that can be exploited) and some vulnerabilities can
be bugs. But there are definitely types of vulnerabilities that are not
bugs––the DoS vulnerability that is eliminated by hash randomization is one.

There may also be a gray area of bugs that can be vulnerabilities but only
in some special situation. I think it's ok to call those vulnerabilities
too.

––Koos

PS. How come I haven't seen a proposal to remove the float type from
builtins yet?-)

--
+ Koos Zevenhoven + http://twitter.com/k7hoven +

