This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients barry, christian.heimes, kristjan.jonsson, pitrou, serhiy.storchaka, vstinner
Date 2013-10-11.12:17:19
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
marshal and pickle are unsafe, even without the patch attached to the issue. If you consider that it is an issue that should be fixed, please open a new issue. Antoine's patch doesn't make the module less secure, since it was already not secure :)

Loading untrusted data and executing untrusted code is not supported by Python. Many things should be fixed to support such use case, not only the marshal module. I'm interested by the topic (I wrote the pysandbox project, which is first try), but please discuss it elsewhere.
Date User Action Args
2013-10-11 12:17:19vstinnersetrecipients: + vstinner, barry, pitrou, kristjan.jonsson, christian.heimes, serhiy.storchaka
2013-10-11 12:17:19vstinnersetmessageid: <>
2013-10-11 12:17:19vstinnerlinkissue19219 messages
2013-10-11 12:17:19vstinnercreate