Message112496
The security issue mentioned previously has been known for years. And, it is easy to protect against. See http://docs.python.org/py3k/library/pickle.html#restricting-globals
Also I am against adding pickling support to code objects. Code objects have no backward-compatibility constraint unlike pickles.
Antoine is right about we should be using a method fully-qualified name to pickle it. However, the problem with this approach is a method doesn't always have fully-qualified name (see issue3657). ForkingPickler in Lib/multiprocessing/forking.py uses this approach to add pickling support to methods. |
|
Date |
User |
Action |
Args |
2010-08-02 16:43:25 | alexandre.vassalotti | set | recipients:
+ alexandre.vassalotti, lemburg, loewis, rhettinger, hinsen, exarkun, belopolsky, pitrou, eric.araujo, obamausa8 |
2010-08-02 16:43:24 | alexandre.vassalotti | set | messageid: <1280767404.91.0.281950170819.issue9276@psf.upfronthosting.co.za> |
2010-08-02 16:43:23 | alexandre.vassalotti | link | issue9276 messages |
2010-08-02 16:43:23 | alexandre.vassalotti | create | |
|