rurpy> It seems to have been disscussed publically starting around Oct 6
rurpy> or 7 (I didn't do a though search so this may be wrong.) It was
rurpy> fixed in Python 2.5 so either it was treated as a ordinary bug
rurpy> with unrecognised security implications, or the developers were
rurpy> aware of the security issues and sat on them.
It was fixed in a checkin on August 21 (rev 51450). While it's possible in
theory that this was the root of the compromise, the fact that none of the
security memos floating around suggested that it had been exploited gives me
a fairly warm feeling that it wasn't the cause of the starship breakin.
Also, the fact that it has been around, apparently unexploited, since 2001
suggests that it was sufficiently obscure that either a) nobody who knew
about it found a way to take advantage of it, or b) it was only recently
discovered back in August shortly before the problem was fixed in the source
code.
Skip
--
http://mail.python.org/mailman/listinfo/python-list
