enhancement request: make py3 read/write py2 pickle format
Marko Rauhamaa
marko at pacujo.net
Wed Jun 10 08:08:59 EDT 2015
Robert Kern <robert.kern at gmail.com>:
> By the very nature of the stated problem: serializing all language
> objects. Being able to construct any object, including instances of
> arbitrary classes, means that arbitrary code can be executed. All I
> have to do is make a pickle file for an object that claims that its
> constructor is shutil.rmtree().

You can't serialize/migrate arbitrary objects. Consider open TCP
connections, open files and other objects that extend outside the Python
VM. Also objects hold references to each other, leading to a huge
reference mesh.

For example:

    a.buddy = b
    b.buddy = a
    with open("a", "wb") as f: f.write(serialize(a))
    with open("b", "wb") as f: f.write(serialize(b))
    with open("a", "rb") as f: aa = deserialize(f.read())
    with open("b", "rb") as f: bb = deserialize(f.read())
    assert aa.buddy is bb


Marko
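
Added example, not part of the original message: both points in the thread, checked with the standard pickle module. A loader that resolves only allowlisted globals refuses a pickle naming shutil.rmtree as its constructor, and the a/b buddy objects keep their identity only when they travel in the same pickle. The names AllowlistUnpickler, safe_loads, Claims and verdict, the use of SimpleNamespace for a and b, and the sample path are assumptions made for illustration.

```python
import io
import pickle
import shutil
from types import SimpleNamespace

# Globals the loader may resolve; everything else is refused.
ALLOWED = {("types", "SimpleNamespace")}

class AllowlistUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every global a pickle names as a class or "constructor".
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def safe_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()

class Claims:
    """Constructed sample: its pickle names shutil.rmtree as the constructor."""
    def __reduce__(self):
        return (shutil.rmtree, ("/constructed/nonexistent/path",))

def verdict(obj):
    """Pickle obj, then return 'loaded' or the reason the loader refused it."""
    data = pickle.dumps(obj)  # dumping only records the global, nothing is called
    try:
        safe_loads(data)
        return "loaded"
    except pickle.UnpicklingError as exc:
        return str(exc)

def make_buddies():
    a, b = SimpleNamespace(name="a"), SimpleNamespace(name="b")
    a.buddy, b.buddy = b, a
    return a, b

def buddies_separately():
    a, b = make_buddies()
    aa = safe_loads(pickle.dumps(a))  # carries its own copy of b
    bb = safe_loads(pickle.dumps(b))  # carries its own copy of a
    return aa.buddy is bb, aa.buddy.buddy is aa

def buddies_together():
    a, b = make_buddies()
    aa, bb = safe_loads(pickle.dumps((a, b)))  # one pickle, one memo table
    return aa.buddy is bb

if __name__ == "__main__":
    print(verdict(Claims()), buddies_separately(), buddies_together())
```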