Author vstinner
Recipients Junyu Zhang, davin, koobs, pitrou, vstinner, xtreak
Date 2020-03-23.17:30:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1584984639.51.0.564203654701.issue40039@roundup.psfhosted.org>
In-reply-to
Content
Lib/multiprocessing/connection.py uses a challenge to authenticate the client. How do you connect to the server?

Yes, it's known that pickle is not safe, there is a big red warning at the top of the doc:
https://docs.python.org/dev/library/pickle.html

But please elaborate your attack scenario. How do you execute arbitrary code on a server? How do you inject code?
History
Date User Action Args
2020-03-23 17:30:39vstinnersetrecipients: + vstinner, pitrou, koobs, davin, xtreak, Junyu Zhang
2020-03-23 17:30:39vstinnersetmessageid: <1584984639.51.0.564203654701.issue40039@roundup.psfhosted.org>
2020-03-23 17:30:39vstinnerlinkissue40039 messages
2020-03-23 17:30:39vstinnercreate