Message 53543 - Python tracker

Author	loewis
Recipients
Date	2002-06-09.17:14:32
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Logged In: YES user_id=21627 Making getattr a safe_constructor has security implictions which make this approach dangerous. It seems that unpickling might invoke arbitrary __getattr__ implementations. Adding a protocol to declare classes as "safe for getattr" might help.

Logged In: YES 
user_id=21627

Making getattr a safe_constructor has security implictions
which make this approach dangerous. It seems that unpickling
might invoke arbitrary __getattr__ implementations. Adding a
protocol to declare classes as "safe for getattr" might help.

History
Date	User	Action	Args
2007-08-23 16:02:13	admin	link	issue558238 messages
2007-08-23 16:02:13	admin	create