Message 373102 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	Iman Sharafaldin, serhiy.storchaka, vstinner
Date	2020-07-06.11:59:21
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1594036761.79.0.103482312275.issue41208@roundup.psfhosted.org>
In-reply-to

Content
According to the Python Security Model, this issue is not security vulnerability: (*) https://python-security.readthedocs.io/security.html#python-security-model The marshal is not intended to be used to load untrusted code. That's why its documentation contains the red warning: "The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source." https://docs.python.org/dev/library/marshal.html

According to the Python Security Model, this issue is not security vulnerability:
(*) https://python-security.readthedocs.io/security.html#python-security-model

The marshal is not intended to be used to load untrusted code. That's why its documentation contains the red warning:
"The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source."
https://docs.python.org/dev/library/marshal.html

History
Date	User	Action	Args
2020-07-06 11:59:21	vstinner	set	recipients: + vstinner, serhiy.storchaka, Iman Sharafaldin
2020-07-06 11:59:21	vstinner	set	messageid: <1594036761.79.0.103482312275.issue41208@roundup.psfhosted.org>
2020-07-06 11:59:21	vstinner	link	issue41208 messages
2020-07-06 11:59:21	vstinner	create