But what do you think of making transaction with script size above 10000 bytes or script which contain OP_PUSH (and it's variant) become non-standard?
10k bytes may be too big and remain exploitable (eg. using multiple inputs)
Yeah, i only mention 10000 bytes since it was limit for previous type of script. As for remain exploitable by multiple input, it could be reduced by making transaction with size bigger than X bytes/weight become non-standard.
and we can't do anything about OP_PUSH itself since the signature and pubkeys are also pushed to the stack that way.
I completely forget OP_PUSH is used for many use case. But how about limiting maximum data size which can be pushed?