[CSS_ACM_General_List] a question

Matt Young mabufo at gmail.com
Tue May 24 14:04:08 CDT 2011


Sean, Python is very extensible from what I remember. You might be
interested in this:
http://docs.python.org/release/2.6.6/extending/index.html

On Tue, May 24, 2011 at 1:39 PM, Sean Neilan <sean at seanneilan.com> wrote:

> That's what I'm curious about is how Python manages the mallocs and frees.
> There's some kind of machine that does that. I understand that buffer
> overflows can be prevented by not going over array indexes, but, what if you
> want to store everything that goes into a server?
>
> Python appears to manage large amounts of data extraordinarily well.
> http://docs.python.org/c-api/memory.html
>
> I would like to write web software in C but still have the memory
> management capabilities of Python so I don't run into buffer overflows.
>
> I'm finding that the ease of Python gets old after a while.
>
>
> On Tue, May 24, 2011 at 1:29 PM, John Kristoff <jtk at depaul.edu> wrote:
>
>> On Tue, May 24, 2011 at 11:54:29AM -0500, Sean Neilan wrote:
>> > What happens in Python that generally doesn't happen in a server in C to
>> > prevent buffer overflows? Why should Python have an advantage over the
>> > language it was written in?
>>
>> Python and other languages like it generally make it much harder for
>> you to mess up in this way.  In C, your variables, most notoriously
>> strings, require you to allocate and properly use the memory set aside
>> for them.  For instance,
>>
>>  char foo[80];
>>
>> Sets up 80 bytes for a string named 'foo'.  What happens when you
>> try to put 81 bytes into that variable?  Well, if you code safely
>> that won't happen, but say you did something like this:
>>
>>  gets(foo);
>>
>> It is trivial to give more than 80 bytes via gets and, voila, buffer
>> overflow.
>>
>> In Python, and others, memory is managed automatically for you as
>> needed.  In Python, you don't even need to allocate memory for foo.
>> It could be a string of arbitrary size; Python will figure out and
>> handle all the memory management for you.  Even if foo changes
>> drastically throughout your running program, it's not something you
>> have to manage directly.  Memory management is all handled under the
>> covers for you.  I don't know Python well, but I imagine under the
>> covers is essentially mallocs and frees that do this for you.
>>
>> Of course, you might be able to stuff foo full of data exceeding the
>> resources of the running system, but that is a slightly separate issue.
>>
>> Note, even with Python's memory management doing all the work for
>> you, you may not entirely be rid of buffer overflows if the underlying
>> language implementation has a bug.  For example:
>>
>>  <http://www.securityfocus.com/bid/30491>
>>
>> John
>>
>
>


-- 
-Matthew
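
Added example, not part of the original thread: a C line reader that grows its buffer with realloc as input arrives, instead of writing into a fixed `char foo[80]` as `gets(foo)` does, and that also caps total size to address the resource-exhaustion point raised in the quoted reply. The names `read_line_dyn`, `demo_line_length` and `max_len` are hypothetical, and the helper's inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Read one line of any length, growing the buffer as input arrives. Returns a
 * malloc'd string (newline stripped), or NULL on empty EOF, OOM, or > max_len. */
char *read_line_dyn(FILE *in, size_t max_len, size_t *out_len)
{
    size_t cap = 16, len = 0;
    char *buf = malloc(cap);
    int c = EOF;
    while (buf != NULL && (c = fgetc(in)) != EOF && c != '\n') {
        if (len >= max_len)            /* hard cap: reject instead of growing forever */
            goto fail;
        if (len + 1 == cap) {          /* full, keeping one byte for the NUL */
            char *tmp = (cap > SIZE_MAX / 2) ? NULL : realloc(buf, cap * 2);
            if (tmp == NULL)
                goto fail;
            buf = tmp;
            cap *= 2;
        }
        buf[len++] = (char)c;          /* len + 1 < cap is guaranteed here */
    }
    if (buf == NULL || (c == EOF && len == 0))
        goto fail;
    buf[len] = '\0';
    *out_len = len;
    return buf;
fail:
    free(buf);
    return NULL;
}

/* Constructed helper: feed `input` through a temp file; length read, or -1. */
long demo_line_length(const char *input, size_t max_len)
{
    FILE *f = tmpfile();
    size_t n = 0;
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    char *line = read_line_dyn(f, max_len, &n);
    long r = (line != NULL) ? (long)n : -1;
    free(line);
    fclose(f);
    return r;
}
```

When a line is rejected for exceeding `max_len`, the rest of it is left unread on the stream, so a server would normally close the connection or drain the input at that point.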