Alexander Belopolsky <belopol...@users.sourceforge.net> added the comment:
On Mon, Aug 2, 2010 at 9:25 AM, Marc-Andre Lemburg
<rep...@bugs.python.org> wrote:
..
>> You can *already* trick unpickling code into executing serialized code. You
>> don't need
> this feature in order to be able to do it.
>
> How ?
>
>>> from pickle import *
>>> class evil:
... def __reduce__(self):
... return (exec, ("print('pwned!')",))
...
>>> s = dumps(evil())
>>> loads(s)
pwned!
See also http://bugs.python.org/issue9120#msg109004 .
AFAICT, the reason functions and classes are pickled by name has
nothing to do with security. From the manual:
"""Similarly, when class instances are pickled, their class’s code and
data are not pickled along with them. Only the instance data are
pickled. This is done on purpose, so you can fix bugs in a class or
add methods to the class and still load objects that were created with
an earlier version of the class. If you plan to have long-lived
objects that will see many versions of a class, it may be worthwhile
to put a version number in the objects so that suitable conversions
can be made by the class’s __setstate__() method.
"""
http://docs.python.org/library/pickle.html?#what-can-be-pickled-and-unpickled
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9276>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
