This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author belopolsky
Recipients alexandre.vassalotti, belopolsky, exarkun, lemburg, pitrou
Date 2010-08-02.14:08:51
SpamBayes Score 0.028240187
Marked as misclassified No
Message-id <AANLkTi=zGrwan+pRuO_nczghkCgTjwk32ZhxpvOz7ZdH@mail.gmail.com>
In-reply-to <4C56D0B5.1010106@egenix.com>
Content
On Mon, Aug 2, 2010 at 10:05 AM, Marc-Andre Lemburg
<report@bugs.python.org> wrote:
..
> Without the definition of class x on the receiving side, there
> would be no exploit.

You are mistaken.  Try adding del x (or del evil in my example)
between dumps and loads and see it working.
History
Date User Action Args
2010-08-02 14:08:53belopolskysetrecipients: + belopolsky, lemburg, exarkun, pitrou, alexandre.vassalotti
2010-08-02 14:08:51belopolskylinkissue9276 messages
2010-08-02 14:08:51belopolskycreate