Message 373124 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	Iman Sharafaldin, christian.heimes, serhiy.storchaka, vstinner
Date	2020-07-06.14:36:17
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1594046177.87.0.116807221037.issue41208@roundup.psfhosted.org>
In-reply-to

Content
Yes, it's like pickle, but it is not like you think. The pickle module has a similar security disclaimer, https://docs.python.org/dev/library/pickle.html . We might agree to fix segfaults in unpickler code if the fix is simple and does not cause backwards compatibility or performance regressions. It's more likely that we decide against it because the pickle format is inherently insecure and not designed to handle untrusted data.

Yes, it's like pickle, but it is not like you think.

The pickle module has a similar security disclaimer, https://docs.python.org/dev/library/pickle.html . We might agree to fix segfaults in unpickler code if the fix is simple and does not cause backwards compatibility or performance regressions. It's more likely that we decide against it because the pickle format is inherently insecure and not designed to handle untrusted data.

History
Date	User	Action	Args
2020-07-06 14:36:17	christian.heimes	set	recipients: + christian.heimes, vstinner, serhiy.storchaka, Iman Sharafaldin
2020-07-06 14:36:17	christian.heimes	set	messageid: <1594046177.87.0.116807221037.issue41208@roundup.psfhosted.org>
2020-07-06 14:36:17	christian.heimes	link	issue41208 messages
2020-07-06 14:36:17	christian.heimes	create