
Author belopolsky
Recipients belopolsky, exarkun, lemburg
Date 2010-08-02.13:54:15
Message-id <AANLkTimWqefbuNz77T6vvjLqbAj36iRoXdTdtYxiJ0OH@mail.gmail.com>
In-reply-to <4C56C754.9000902@egenix.com>
Content
On Mon, Aug 2, 2010 at 9:25 AM, Marc-Andre Lemburg
<report@bugs.python.org> wrote:
..
>> You can *already* trick unpickling code into executing serialized code.  You don't need
>> this feature in order to be able to do it.
>
> How ?
>
>>> from pickle import *
>>> class evil:
...    def __reduce__(self):
...        return (exec, ("print('pwned!')",))
...
>>> s = dumps(evil())
>>> loads(s)
pwned!

See also http://bugs.python.org/issue9120#msg109004 .

AFAICT, the reason functions and classes are pickled by name has
nothing to do with security. From the manual:

"""Similarly, when class instances are pickled, their class’s code and
data are not pickled along with them. Only the instance data are
pickled. This is done on purpose, so you can fix bugs in a class or
add methods to the class and still load objects that were created with
an earlier version of the class. If you plan to have long-lived
objects that will see many versions of a class, it may be worthwhile
to put a version number in the objects so that suitable conversions
can be made by the class’s __setstate__() method.
"""  http://docs.python.org/library/pickle.html?#what-can-be-pickled-and-unpickled
History
Date                 User        Action  Args
2010-08-02 13:54:17  belopolsky  set     recipients: + belopolsky, lemburg, exarkun
2010-08-02 13:54:15  belopolsky  link    issue9276 messages
2010-08-02 13:54:15  belopolsky  create
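
Added example, not part of the original message or of the pickle module's own code: a defender's view of the `__reduce__` behaviour shown in the message. It disassembles a pickle with `pickletools.genops` to flag opcodes that import or call globals, and loads through an `Unpickler` subclass whose `find_class` enforces an allowlist. The names `scan`, `safe_loads`, `AllowlistUnpickler` and the allowlist contents are assumptions made for this example.

```python
import io
import pickle
import pickletools

# Opcodes that import a global or call a callable during loading.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ",
             "NEWOBJ", "NEWOBJ_EX", "REDUCE"}

# Assumed allowlist for this example: the only global a pickle may name.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def scan(data):
    """List risky opcodes in a pickle by disassembling it, not loading it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in RISKY_OPS]


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted (module, name) pairs."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "global %s.%s is not allowed" % (module, name))


def safe_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()


class Evil:
    """The class from the message above, payload unchanged."""

    def __reduce__(self):
        return (exec, ("print('pwned!')",))


if __name__ == "__main__":
    sample = pickle.dumps(Evil())      # constructed sample input
    print(scan(sample))                # opcodes that would run code on load
    try:
        safe_loads(sample)
    except pickle.UnpicklingError as err:
        print("rejected:", err)        # nothing was executed
    print(safe_loads(pickle.dumps({"a": [1, 2]})))  # plain data still loads
```

The allowlist limits which callables a pickle can reach; it does not make unpickling untrusted input safe in general, so keep the list as small as the application allows.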