[issue19219] speed up marshal.loads()
STINNER Victor
report at bugs.python.org
Fri Oct 11 14:17:19 CEST 2013
STINNER Victor added the comment:
marshal and pickle are unsafe, even without the patch attached to the issue. If you consider that it is an issue that should be fixed, please open a new issue. Antoine's patch doesn't make the module less secure, since it was already not secure :)
Loading untrusted data and executing untrusted code is not supported by Python. Many things should be fixed to support such use case, not only the marshal module. I'm interested by the topic (I wrote the pysandbox project, which is first try), but please discuss it elsewhere.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19219>
_______________________________________
More information about the Python-bugs-list
mailing list