[issue9276] pickle should support methods
report at bugs.python.org
Mon Aug 2 15:54:16 CEST 2010
Alexander Belopolsky <belopolsky at users.sourceforge.net> added the comment:
On Mon, Aug 2, 2010 at 9:25 AM, Marc-Andre Lemburg
<report at bugs.python.org> wrote:
>> You can *already* trick unpickling code into executing serialized code. You don't need
> this feature in order to be able to do it.
> How ?
>>> from pickle import *
>>> class evil:
... def __reduce__(self):
... return (exec, ("print('pwned!')",))
>>> s = dumps(evil())
See also http://bugs.python.org/issue9120#msg109004 .
AFAICT, the reason functions and classes are pickled by name has
nothing to do with security. From the manual:
"""Similarly, when class instances are pickled, their class’s code and
data are not pickled along with them. Only the instance data are
pickled. This is done on purpose, so you can fix bugs in a class or
add methods to the class and still load objects that were created with
an earlier version of the class. If you plan to have long-lived
objects that will see many versions of a class, it may be worthwhile
to put a version number in the objects so that suitable conversions
can be made by the class’s __setstate__() method.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list