[issue28669] Math Library Dos Attack

2016-11-11 Thread STINNER Victor
STINNER Victor added the comment: > Very very very long and the server unreachable all path. If a server wants to allow users to run arbitrary code, a sandbox protecting the server must be used: limit CPU usage, limit total duration (time), etc. "while 1: pass" is another simple snippet to eat

[issue28669] Math Library Dos Attack

2016-11-11 Thread Raymond Hettinger
Raymond Hettinger added the comment: I think this should be marked as "not a bug" as closed. -- nosy: +rhettinger ___ Python tracker ___ _

[issue28669] Math Library Dos Attack

2016-11-11 Thread Honor
Honor added the comment: I will take a video on this subject. Then I will say the end result. Thanks a lot. On Fri, Nov 11, 2016 at 7:27 PM, Mark Dickinson wrote: > > Mark Dickinson added the comment: > > Thanks. The solution here is "Don't do that, then." That is, don't allow > this code to

[issue28669] Math Library Dos Attack

2016-11-11 Thread Mark Dickinson
Mark Dickinson added the comment: Thanks. The solution here is "Don't do that, then." That is, don't allow this code to execute on your server in the first place. At a guess, you've got a multithreaded server that's executing the given code on one thread, while continuing to listen for connect

[issue28669] Math Library Dos Attack

2016-11-11 Thread Honor
Honor added the comment: Very very very long and the server unreachable all path. On Fri, Nov 11, 2016 at 7:08 PM, Mark Dickinson wrote: > > Mark Dickinson added the comment: > > Please can you give more details about why you consider this a problem? > > Yes, some computations take a long time

[issue28669] Math Library Dos Attack

2016-11-11 Thread Mark Dickinson
Mark Dickinson added the comment: Please can you give more details about why you consider this a problem? Yes, some computations take a long time. I fail to see why this is an issue. -- nosy: +mark.dickinson ___ Python tracker

[issue28669] Math Library Dos Attack

2016-11-11 Thread Honor
New submission from Honor: Hello EveryOne, Payload : 12**62**6 Test script: import math math.log10(12**62**6) Program is looping. I tested apache server and flask web framework. Result: Frozen in frost. Cpu usage : %90-99 , system runs but server shutdowns. Author : Onur TAŞLIOĞLU --