Author Junyu Zhang
Recipients Junyu Zhang, davin, koobs, pitrou, vstinner, xtreak
Date 2020-03-22.15:48:45
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1584892125.54.0.770180782307.issue40039@roundup.psfhosted.org>
In-reply-to
Content
Thank you for your reply, this report is indeed the situation prompted by the warning. There will be few problems in the single-machine deployment mode. Of course, it is also possible to take advantage of the possibility of elevation of privilege. In the distributed deployment mode, the client script is leaked. The resulting authkey leak will also cause RCE problems. I have an idea. If ManagerBase can allow users to customize the serialization operation, it may be greatly relieved. Your suggestion is that I need to submit this to security@python.org Report it?
History
Date User Action Args
2020-03-22 15:48:45Junyu Zhangsetrecipients: + Junyu Zhang, pitrou, vstinner, koobs, davin, xtreak
2020-03-22 15:48:45Junyu Zhangsetmessageid: <1584892125.54.0.770180782307.issue40039@roundup.psfhosted.org>
2020-03-22 15:48:45Junyu Zhanglinkissue40039 messages
2020-03-22 15:48:45Junyu Zhangcreate