On Wed, Jul 15, 2020, at 08:14, Chris Angelico wrote:
> That's fair, but are you actually guaranteeing that it will never read arbitrary attributes from objects?
First of all, reading an attribute of an object in a pickle requires the getattr function. Even currently, you can substitute your own function for getattr in find_class, and with my proposal you wouldn't have to because you could control attempts to evaluate even the real getattr function.
Second of all, with no way to exfiltrate, why is reading arbitrary attributes from objects problematic?
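As an added illustration of the find_class point made above (example code, not from this thread or from CPython), the unpickler below is the single choke point through which a pickle obtains any callable. It substitutes a guarded function for builtins.getattr so that attribute reads performed at load time are limited to an allow-list, and refuses every other global outright. The allow-lists, the `_AttrRead` helper and the sample payloads are constructed for the demonstration.

```python
import io
import pickle

# Globals the unpickler may resolve, keyed (module, name). Constructed allow-list.
SAFE_GLOBALS = {("collections", "OrderedDict")}

# Attribute names a pickle may read through the substituted getattr. Constructed.
SAFE_ATTRS = {"upper", "lower", "strip"}


def guarded_getattr(obj, name, *default):
    """Stand-in for builtins.getattr handed to the pickle.

    Refuses underscore-prefixed names and anything not on the allow-list, so a
    pickle cannot walk from an object it is given to __class__, __globals__ etc.
    """
    if name.startswith("_") or name not in SAFE_ATTRS:
        raise pickle.UnpicklingError(f"attribute read refused: {name!r}")
    return getattr(obj, name, *default)


class RestrictedUnpickler(pickle.Unpickler):
    # find_class is where GLOBAL / STACK_GLOBAL opcodes are resolved, so it is
    # the one place where getattr can be swapped for the guarded version or
    # any other global refused.
    def find_class(self, module, name):
        if (module, name) == ("builtins", "getattr"):
            return guarded_getattr
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global refused: {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ('ok', value) or ('refused', message) for a pickle payload."""
    try:
        return ("ok", restricted_loads(data))
    except pickle.UnpicklingError as exc:
        return ("refused", str(exc))


class _AttrRead:
    """Helper used only to build sample payloads: pickles as the call
    getattr(target, name), i.e. an attribute read executed at load time."""

    def __init__(self, target, name):
        self.target, self.name = target, name

    def __reduce__(self):
        return (getattr, (self.target, self.name))


# Constructed sample payloads.
PLAIN = pickle.dumps({"user": "alice", "roles": ["reader"]})
SAFE_READ = pickle.dumps(_AttrRead("abc", "upper"))        # getattr("abc", "upper")
DUNDER_READ = pickle.dumps(_AttrRead("abc", "__class__"))  # getattr("abc", "__class__")
OTHER_GLOBAL = pickle.dumps(print)                         # bare reference to builtins.print


if __name__ == "__main__":
    for label, payload in [("plain", PLAIN), ("safe read", SAFE_READ),
                           ("dunder read", DUNDER_READ), ("other global", OTHER_GLOBAL)]:
        print(label, "->", try_load(payload))
```

The plain dictionary and the allow-listed attribute read load normally; the `__class__` read and the stray reference to `print` are both refused before anything runs, which is the property the message above relies on: whatever the pickle wants to call, including the real getattr, has to pass through find_class first.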