[Python-checkins] python/dist/src/Lib pickletools.py,1.19,1.20

gvanrossum@users.sourceforge.net gvanrossum@users.sourceforge.net
Tue, 28 Jan 2003 22:24:33 -0800 

Update of /cvsroot/python/python/dist/src/Lib
In directory sc8-pr-cvs1:/tmp/cvs-serv27768

Modified Files:
	pickletools.py 
Log Message:
Document the demise of all pretenses of safety, and the difference
between cPickle and pickle.py regarding __safe_for_unpickling__ before
Python 2.3.


Index: pickletools.py
===================================================================
RCS file: /cvsroot/python/python/dist/src/Lib/pickletools.py,v
retrieving revision 1.19
retrieving revision 1.20
diff -C2 -d -r1.19 -r1.20
*** pickletools.py	29 Jan 2003 03:49:43 -0000	1.19
--- pickletools.py	29 Jan 2003 06:24:30 -0000	1.20
***************
*** 126,129 ****
--- 126,140 ----
    the registry contents are predefined (there's nothing akin to the memo's
    PUT).
+ 
+ Another, independent change with Python 2.3 is the abandonment of any
+ pretense that it might be safe to pickles received from untrusted
+ parties -- no sufficient security analysis has been done to guarantee
+ this and there isn't a use case to warrants the expense of such an
+ analysis.
+ 
+ To this end, all tests for __safe_for_unpickling__ or for
+ copy_reg.safe_constructors are removed from the unpickling code.
+ References to these variables in the descriptions below are to be seen
+ as describing unpickling in Python 2.2 and before.
  """
  
***************
*** 1592,1597 ****
        attribute.  Unlike as for the __safe_for_unpickling__ check in REDUCE,
        it doesn't matter whether this attribute has a true or false value, it
!       only matters whether it exists (XXX this smells like a bug).  If
!       __safe_for_unpickling__ dosn't exist, UnpicklingError is raised.
  
        Else (the class object does have a __safe_for_unpickling__ attr),
--- 1603,1609 ----
        attribute.  Unlike as for the __safe_for_unpickling__ check in REDUCE,
        it doesn't matter whether this attribute has a true or false value, it
!       only matters whether it exists (XXX this is a bug; cPickle
!       requires the attribute to be true).  If __safe_for_unpickling__
!       doesn't exist, UnpicklingError is raised.
  
        Else (the class object does have a __safe_for_unpickling__ attr),
***************
*** 1625,1630 ****
        As for INST, the remainder of the stack above the markobject is
        gathered into an argument tuple, and then the logic seems identical,
!       except that no __safe_for_unpickling__ check is done (XXX this smells
!       like a bug).  See INST for the gory details.
        """),
  
--- 1637,1643 ----
        As for INST, the remainder of the stack above the markobject is
        gathered into an argument tuple, and then the logic seems identical,
!       except that no __safe_for_unpickling__ check is done (XXX this is
!       a bug; cPickle does test __safe_for_unpickling__).  See INST for
!       the gory details.
        """),