[Python-ideas] Serializable method

Antoine Pitrou solipsis at pitrou.net
Sat Mar 10 00:00:54 CET 2012


On Fri, 9 Mar 2012 23:51:40 +0100
Masklinn <masklinn at masklinn.net> wrote:
> On 2012-03-09, at 23:42 , Antoine Pitrou wrote:
> > On Sat, 10 Mar 2012 01:36:53 +0300
> > anatoly techtonik <techtonik at gmail.com>
> > wrote:
> >> Pickle is insecure,
> > 
> > http://docs.python.org/dev/library/pickle.html#restricting-globals
> 
> Even with that, isn't Pickle open to the same issues `eval`
> (with restricted locals and globals) is, of innocuous code giving
> indirect access to "unsafe" structures and functions?

I don't know, does anyone have a proof-of-concept exploit for that?

Regards

Antoine.
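
Added example, not part of the original message: the restricting-globals approach from the pickle documentation linked above, showing an allowlist of exact names beside one that trusts the whole builtins module. The class names, the allowlist contents and the sample pickles are assumptions constructed for illustration.

```python
import builtins
import io
import pickle

# Assumed for this example: the application only needs these two builtins.
SAFE_BUILTINS = {"range", "complex"}


class ExactUnpickler(pickle.Unpickler):
    """Resolves a global only if its exact name is on the allowlist."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


class ModuleWideUnpickler(pickle.Unpickler):
    """Weak policy for contrast: trusts every name in the builtins module."""

    def find_class(self, module, name):
        if module == "builtins":
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def try_load(unpickler_cls, data):
    """Return ('ok', obj) or ('rejected', reason) for one pickle byte string."""
    try:
        return "ok", unpickler_cls(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


# Constructed samples. The last two pickles only reference a builtin by name;
# loading them returns the function object and never calls it.
SAMPLES = {
    "range": pickle.dumps(range(3)),
    "complex": pickle.dumps(1 + 2j),
    "eval-ref": pickle.dumps(eval),
    "getattr-ref": pickle.dumps(getattr),
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:12} module-wide={try_load(ModuleWideUnpickler, data)[0]:9}"
              f" exact={try_load(ExactUnpickler, data)[0]}")
```

The module-wide policy resolves the eval and getattr references, while the exact-name policy rejects them and still loads the range and complex values.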




