Author belopolsky
Recipients alexandre.vassalotti, belopolsky, exarkun, lemburg, pitrou
Date 2010-08-02.14:13:54
Message-id <AANLkTinZsYSir8JSrLXV_eT82qBEdX_JQqtOLD8t5JXy@mail.gmail.com>
In-reply-to <4C56D20F.1080703@egenix.com>
Content
On Mon, Aug 2, 2010 at 10:11 AM, Marc-Andre Lemburg
<report@bugs.python.org> wrote:
..
> Hmm, I just tried the code and it seems that you're right:
>
> The pickle string does not contain a reference to class x,
> but only the name of the function to call. Wow, that's a huge
> hole in Python's pickle system...

That's why we have a big red

"""
Warning: The pickle module is not intended to be secure against
erroneous or maliciously constructed data. Never unpickle data
received from an untrusted or unauthenticated source.
"""

in the docs.
History
Date User Action Args
2010-08-02 14:13:56 belopolsky set recipients: + belopolsky, lemburg, exarkun, pitrou, alexandre.vassalotti
2010-08-02 14:13:55 belopolsky link issue9276 messages
2010-08-02 14:13:54 belopolsky create
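
The behaviour discussed in this message, shown as an added example that is not part of the original tracker thread: the pickle stream names only the callable returned by `__reduce__`, not the class, and an `Unpickler` subclass that overrides `find_class` can refuse globals outside an allowlist. The names `Sample`, `AllowlistUnpickler`, `restricted_loads` and `demo`, and the allowlist contents, are assumptions made for illustration.

```python
import io
import pickle


class Sample:
    """Constructed class: __reduce__ names a callable for pickle to call on load."""

    def __reduce__(self):
        # Harmless stand-in for "any importable callable plus its arguments".
        return (len, ("abc",))


class AllowlistUnpickler(pickle.Unpickler):
    """Resolve only the globals listed in ALLOWED; refuse everything else."""

    # Hypothetical policy: list exactly the classes the application expects.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")
        return super().find_class(module, name)


def restricted_loads(data: bytes):
    """Like pickle.loads, but every global lookup goes through the allowlist."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def demo():
    data = pickle.dumps(Sample())
    result = {
        "class_name_in_stream": b"Sample" in data,    # the class is not referenced
        "callable_name_in_stream": b"len" in data,    # only the callable's name is
        "plain_loads": pickle.loads(data),            # the callable's result, not a Sample
    }
    try:
        restricted_loads(data)
        result["restricted"] = "loaded"
    except pickle.UnpicklingError as exc:
        result["restricted"] = str(exc)
    # Streams made only of built-in containers need no global lookup at all.
    result["plain_data"] = restricted_loads(pickle.dumps({"a": [1, 2]}))
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The allowlist narrows which callables a stream may reference; it does not make unpickling untrusted data safe, so the warning quoted in the message still applies.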