Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
sariel85313yPython is such a clusterfuck. The only reason why it is so popular is because all the script-kiddies use it.
-
@sariel it really is a clusterfuck. It's the new BASIC.
Just simple enough to be dangerous.
Its why I love it lol. -
So what exactly is the problem here? Calling exec will result in "function call to exec" in the pyc.
And wether a pyc and a py actually is not "really" checked anyway (besides a "recompile when the oy one changed")
By the way, a call to exec should trigger an audit hook at runtime. -
@sariel Ignition uses it (well jython) to control whole factories. Of course they just put javascript on a space station or something. So yeah...
-
sariel85313y
-
NikhilM42153yIs Python even expected to be secure? I was always under the impression it was there to get up and running quickly to test an idea and then you dump it as quick as you can for a proper implementation.
-
sariel85313y@NikhilM42 problem is most jr's don't get past the concept part of any new project and dive head first into the shallow end of the security pool.
Then you have product managers that hogtie the sr's hands behind their backs with the mountains of made-up bullshit with zero requirements.
And finally, the execs at the top bemoan and bitch about how nobody can do their fucking jobs in all this chaos, so let's fire the lot of them and make MORE chaos! -
@NikhilM42 The question always is "secure against what" - if someone can write to files loaded (executed) at program start, it is always "over", no matter what programming language.
-
@NikhilM42 Python is perfectly capable of running in production securely just as much as another language is. Hell you can secure PHP if you try enough.
I would say C and C++ have more CVEs total than python code bases because of memory management issues. -
sariel85313y@lungdart it also helps that C and C++ are used in almost every language, so the impacts are far more impressive.
Related Rants
"In Python 3, exec is a function; its use has no effect on the compiled bytecode of the function where it is used."
Found in a stackoverflow post.
So wait, you mean to say, you could hide code in a pyc file or am I mistaken?
How is this not a security concern?
devrant
security
python