Message6968
I don't think we should be doing anything about marshal. Maybe we should name it pyclib or something <0.9 wink>. It works fine for .pyc files, but I don't see a reason for it to do any more than is necessary for that purpose.

I think the notion of an unpickler that only handles builtin datatypes is the most attractive option you offer, but Paul has a good point about eval for strings. (It currently has some hacks that address specific exploits, but I doubt they are sufficient.) I also wonder how hard it is to handle builtin types and avoid subclasses of builtin types.

If there are any changes to pickle, I think we need to be careful about how it is described. If we claim that an unpickler is safe for untrusted pickles, we've made a fairly strong claim. I still think such a design change requires a PEP that includes some requirements and use cases and a thorough analysis of potential exploits.
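The "unpickler that only handles builtin datatypes" idea from the message above, as an added worked example (my code, not from this tracker thread or from CPython): a `pickle.Unpickler` subclass whose `find_class` refuses every global lookup, plus a `pickletools` pre-scan for class-referencing opcodes. The sample values, and the `OrderedDict` used to stand in for "a subclass of a builtin type", are constructed for the demonstration.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that resolve a name or construct an object from a class/callable.
# Plain builtin scalars and containers never emit any of these (protocol 4+).
CLASS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
                 "REDUCE", "BUILD"}


def references_globals(data: bytes) -> bool:
    """Static pre-check: does the stream contain any class or callable reference?"""
    return any(op.name in CLASS_OPCODES for op, _arg, _pos in pickletools.genops(data))


class BuiltinOnlyUnpickler(pickle.Unpickler):
    """Refuse every global lookup, so only builtin datatypes can be loaded.

    find_class() is consulted for GLOBAL/STACK_GLOBAL/INST/OBJ, i.e. whenever the
    stream names a module-level object. Raising here means no class is ever
    resolved, so subclasses of builtin types (which must name their class) are
    rejected together with everything else that needs a constructor.
    """
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global reference {module}.{name} is not allowed")


def safe_loads(data: bytes):
    return BuiltinOnlyUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the strict unpickler refuses the stream (convenience for checks)."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample data. Protocol 4 is chosen deliberately: with protocols below
# 4 a set is pickled as a call to builtins.set, which this strict policy rejects.
PLAIN_VALUE = {"name": "job", "ids": [1, 2.5, (3, None)], "flags": {True, b"raw"}}
PLAIN_PICKLE = pickle.dumps(PLAIN_VALUE, protocol=4)
# OrderedDict is a dict subclass; its pickle must reference collections.OrderedDict.
SUBCLASS_PICKLE = pickle.dumps(OrderedDict(a=1), protocol=4)

if __name__ == "__main__":
    print(references_globals(PLAIN_PICKLE), safe_loads(PLAIN_PICKLE) == PLAIN_VALUE)
    print(references_globals(SUBCLASS_PICKLE), is_rejected(SUBCLASS_PICKLE))
```

Note that this only closes the class-resolution path; the message's point stands that calling such a loader "safe for untrusted pickles" needs a written threat analysis, not just a `find_class` override.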
Date | User | Action | Args
2007-08-23 13:56:49 | admin | link | issue471893 messages
2007-08-23 13:56:49 | admin | create |