[Python-checkins] python/dist/src/Lib pickletools.py,1.19,1.20
gvanrossum@users.sourceforge.net
Tue, 28 Jan 2003 22:24:33 -0800
Update of /cvsroot/python/python/dist/src/Lib
In directory sc8-pr-cvs1:/tmp/cvs-serv27768
Modified Files:
pickletools.py
Log Message:
Document the demise of all pretenses of safety, and the difference
between cPickle and pickle.py regarding __safe_for_unpickling__ before
Python 2.3.
Index: pickletools.py
===================================================================
RCS file: /cvsroot/python/python/dist/src/Lib/pickletools.py,v
retrieving revision 1.19
retrieving revision 1.20
diff -C2 -d -r1.19 -r1.20
*** pickletools.py 29 Jan 2003 03:49:43 -0000 1.19
--- pickletools.py 29 Jan 2003 06:24:30 -0000 1.20
***************
*** 126,129 ****
--- 126,140 ----
the registry contents are predefined (there's nothing akin to the memo's
PUT).
+
+ Another, independent change with Python 2.3 is the abandonment of any
+ pretense that it might be safe to pickles received from untrusted
+ parties -- no sufficient security analysis has been done to guarantee
+ this and there isn't a use case to warrants the expense of such an
+ analysis.
+
+ To this end, all tests for __safe_for_unpickling__ or for
+ copy_reg.safe_constructors are removed from the unpickling code.
+ References to these variables in the descriptions below are to be seen
+ as describing unpickling in Python 2.2 and before.
"""
***************
*** 1592,1597 ****
attribute. Unlike as for the __safe_for_unpickling__ check in REDUCE,
it doesn't matter whether this attribute has a true or false value, it
! only matters whether it exists (XXX this smells like a bug). If
! __safe_for_unpickling__ dosn't exist, UnpicklingError is raised.
Else (the class object does have a __safe_for_unpickling__ attr),
--- 1603,1609 ----
attribute. Unlike as for the __safe_for_unpickling__ check in REDUCE,
it doesn't matter whether this attribute has a true or false value, it
! only matters whether it exists (XXX this is a bug; cPickle
! requires the attribute to be true). If __safe_for_unpickling__
! doesn't exist, UnpicklingError is raised.
Else (the class object does have a __safe_for_unpickling__ attr),
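Review bot: The rewritten XXX comment now asserts a concrete discrepancy (pickle.py only checks that __safe_for_unpickling__ exists, cPickle requires it to be true) without saying which versions it applies to; a reader who skips the new module-level paragraph will take it as a description of the current code. Suggest qualifying the sentence, e.g. "(XXX this was a bug in Python 2.2 and before; cPickle required the attribute to be true)", so the INST description is consistent with the earlier statement that these checks are gone as of 2.3. The "dosn't" to "doesn't" fix is welcome.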
***************
*** 1625,1630 ****
As for INST, the remainder of the stack above the markobject is
gathered into an argument tuple, and then the logic seems identical,
! except that no __safe_for_unpickling__ check is done (XXX this smells
! like a bug). See INST for the gory details.
"""),
--- 1637,1643 ----
As for INST, the remainder of the stack above the markobject is
gathered into an argument tuple, and then the logic seems identical,
! except that no __safe_for_unpickling__ check is done (XXX this is
! a bug; cPickle does test __safe_for_unpickling__). See INST for
! the gory details.
"""),