binxio / cfn-secret-provider

A CloudFormation custom resource provider for deploying secrets and keys
Apache License 2.0
141 stars 70 forks

Support for Lambda Python 3.8 Environment #44

dxciberaws closed 3 years ago

dxciberaws commented 3 years ago

Current 1.3.1 deployment pack is not compatible with the AWS Lambda Python 3.8 environment.

Error is:

ModuleNotFoundError: No module named '_cffi_backend'

This is most probably solvable by just rebuilding the package in a 3.8 environment.

mvanholsteijn commented 3 years ago

Currently I use python 3.7 as the runtime environment for all my custom providers, which is a supported lambda runtime. Is there a reason why you cannot use it?

GStonetiger commented 3 years ago

I ran into the same error when I changed the runtime to 3.8. There is a buffer overflow issue in many Python 3.x versions. Please see the following for details.

https://nvd.nist.gov/vuln/detail/CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

https://bugs.python.org/issue42938

This security issue has been fixed in 3.8.8. https://www.python.org/downloads/release/python-388/

I know AWS Python 3.8 Runtime is still using 3.8.7. We are hoping AWS will upgrade 3.8 Runtime to 3.8.8 version soon. It will be great if cfn-secret-provider can support Python 3.8.
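Added example, not part of the comment above and not code from CPython or from cfn-secret-provider: a C illustration of why the `1e300` case in the CVE description matters, measuring how many characters `%f` produces and showing the bounded `snprintf` form beside it. The 256-byte buffer size, the format string and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of a fixed buffer that receives the formatted text
 * (illustrative value, not taken from the page). */
#define REPR_BUF 256

/* Illustrative format string; "%f" prints every integer digit of a double. */
#define REPR_FMT "<cparam 'd' (%f)>"

/* Characters (excluding the NUL) needed to format `value`.
 * snprintf with a NULL buffer and size 0 only measures; it writes nothing. */
int repr_needed(double value)
{
    return snprintf(NULL, 0, REPR_FMT, value);
}

/* 1 if an unbounded sprintf into a REPR_BUF-byte buffer would write past
 * its end for this value, 0 otherwise. Nothing is actually overflowed. */
int sprintf_would_overflow(double value)
{
    return repr_needed(value) >= REPR_BUF;
}

/* Hardened form: the write is bounded by outlen and always NUL-terminated.
 * Returns 1 if the text was truncated, 0 if it fit, -1 on a format error. */
int repr_bounded(char *out, size_t outlen, double value)
{
    int n = snprintf(out, outlen, REPR_FMT, value);
    if (n < 0)
        return -1;
    return (size_t)n >= outlen;
}

int main(void)
{
    const double samples[] = { 1.5, 1e300 };   /* constructed inputs */
    char buf[REPR_BUF];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int truncated = repr_bounded(buf, sizeof buf, samples[i]);
        printf("needs %d chars, unbounded sprintf overflows: %d, "
               "bounded write truncated: %d, stored %zu chars\n",
               repr_needed(samples[i]), sprintf_would_overflow(samples[i]),
               truncated, strlen(buf));
    }
    return 0;
}
```

A small float fits comfortably, while `1e300` expands to more than 300 characters under `%f`, which is why a fixed-size buffer filled with `sprintf` cannot be trusted with untrusted floating-point input.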

mvanholsteijn commented 3 years ago

upgraded to Python 3.9.