Message373129
It's interesting that you would not count a critical segfault in Pickle as a threat, because there are numerous libraries that are unpickling untrusted user data (even though some of them are using RestrictedUnpickler to protect themselves, but a segfault would bypass that). For example, Ray Project with five thousand commits (https://github.com/ray-project/ray/blob/master/rllib/utils/policy_server.py#L31).
Long story short, you advise us to not put time on checking the security of the Pickle module too, am I right?
Thanks,
Iman

Date | User | Action | Args
2020-07-06 15:04:05 | Iman Sharafaldin | set | recipients: + Iman Sharafaldin, vstinner, christian.heimes, serhiy.storchaka
2020-07-06 15:04:05 | Iman Sharafaldin | set | messageid: <1594047845.73.0.0249302950997.issue41208@roundup.psfhosted.org>
2020-07-06 15:04:05 | Iman Sharafaldin | link | issue41208 messages
2020-07-06 15:04:05 | Iman Sharafaldin | create |