CPython bugs & risky features

Cite

Related Material

EuroPython

Czarnota, Dominik

Formal Metadata

Title

CPython bugs & risky features

Title of Series

EuroPython 2022

Number of Parts

112

Author

Czarnota, Dominik

License

CC Attribution - NonCommercial - ShareAlike 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this

License

Identifiers

10.5446/60784 (DOI)

Publisher

EuroPython

Release Date

2022

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

In this talk we will look into a few bug cases or doubtful features in CPython some of which are still present (and known to bugs.python.org) and may impose a security risk for admins or organizations. We will learn why running Python interpreter in random directory can be harmful which is related to interpreter libs loading, a possibility for installed modules to inject code into any Python script execution (even if the installed library is not imported), a socket.inet_aton issue that actually comes from glibc and risks involved with those cases and possible mitigations of those risks.