This is motivated by the issue unearthed in #352. (The first commit fixes a luckily inconsequential mistake that slipped through review.)
In the datetime module, we hash a set of keys known at compile time and hence are not subject to DoS issues.
In the borrow module, the keys include pointer addresses, which means that even if a program exposes its usage of NumPy arrays to remote user control, a DoS attack would also need detailed control over the placement of memory allocations, in which case outright memory exhaustion seems to be a simpler avenue of attack.