[I wrote]
> Hm... This seems to add a lot of work to a very common item in
> pickles.
>
> I had a different idea on how to make this safe from abuse: pass eval
> a globals dict with an empty __builtins__ dict, as follows:
> {'__builtins__': {}}.

I forgot that this is already how it's done. But my point remains: who says that this can cause security violations? Sure, it can cause unpickling to fail with an exception -- so can tons of other invalid pickles. But is it a security violation?

--Guido van Rossum (home page: http://www.pythonlabs.com/~guido/)
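The behaviour discussed in the message, as an added example that is not part of the original post and is not the pickle module's own code: it evaluates constructed string arguments with the `{'__builtins__': {}}` globals dict and, for comparison, with a parse-only check that accepts nothing but a string literal. The function names, the sample inputs and the use of `ast` (Python 3.8+) are assumptions made for illustration.

```python
import ast

# Globals dict quoted in the message: builtin names such as len do not resolve.
EMPTY_BUILTINS = {'__builtins__': {}}


def load_string_eval(rep):
    """Decode a string repr with eval and an empty __builtins__ dict."""
    return eval(rep, dict(EMPTY_BUILTINS))


def load_string_literal(rep):
    """Hypothetical stricter loader: parse only, never evaluate."""
    node = ast.parse(rep.strip(), mode='eval').body
    if not (isinstance(node, ast.Constant)
            and isinstance(node.value, (str, bytes))):
        raise ValueError("not a string literal")
    return node.value


def classify(rep):
    """Return (eval outcome, literal-only outcome) for one input."""
    outcomes = []
    for loader in (load_string_eval, load_string_literal):
        try:
            outcomes.append(("ok", loader(rep)))
        except Exception as exc:
            outcomes.append(("error", type(exc).__name__))
    return tuple(outcomes)


# Constructed sample arguments, as they might follow a string opcode.
SAMPLES = [
    "'hello'",        # well-formed string repr
    "len('abc')",     # builtin call: fails with an exception under eval
    "1+1",            # valid expression that is not a string
    "'unterminated",  # malformed repr
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), classify(sample))
```

The builtin call and the malformed repr both end in an exception under `eval`, while `1+1` is evaluated and returns a non-string value; the literal-only loader rejects all three.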