Alexander Belopolsky <belopol...@users.sourceforge.net> added the comment:

On Mon, Aug 2, 2010 at 10:11 AM, Marc-Andre Lemburg
<rep...@bugs.python.org> wrote:
..
> Hmm, I just tried the code and it seems that you're right:
>
> The pickle string does not contain a reference to class x,
> but only the name of the function to call. Wow, that's a huge
> hole in Python's pickle system...

That's why we have a big red

"""
Warning: The pickle module is not intended to be secure against
erroneous or maliciously constructed data. Never unpickle data
received from an untrusted or unauthenticated source.
"""

in the docs.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9276>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
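
An added example (not part of the original message and not CPython's own code) of the behaviour discussed in this thread: the pickle carries only the name of a callable, which can be listed without loading the data, and an `Unpickler` subclass can refuse globals outside an allowlist. The class `X`, the stand-in callable `platform.python_version`, the helper names and the allowlist contents are assumptions made for illustration.

```python
import io
import pickle
import pickletools
import platform


class X:
    """Constructed sample class whose pickle names a callable instead of X."""

    def __reduce__(self):
        # Harmless stand-in: on load, pickle imports and calls this function.
        return (platform.python_version, ())


def referenced_globals(data):
    """List the module.name globals a pickle would import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":  # protocols 0-3: arg is "module name"
            found.append(arg.replace(" ", "."))
        elif opcode.name == "STACK_GLOBAL":  # protocol 4+: two preceding strings
            # Heuristic: assumes both strings were pushed directly, not via memo.
            found.append(".".join(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


class AllowlistUnpickler(pickle.Unpickler):
    """Refuses every global except those listed (the allowlist is an assumption)."""

    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")
        return super().find_class(module, name)


def safe_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    payload = pickle.dumps(X())
    print(referenced_globals(payload))   # the callable's name; no mention of X
    print(repr(pickle.loads(payload)))   # result of the call, not an X instance
    try:
        safe_loads(payload)
    except pickle.UnpicklingError as exc:
        print("blocked:", exc)
```

Overriding `find_class` narrows what a pickle can import; the documentation warning quoted above still applies to data from untrusted or unauthenticated sources.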