On Wed, 15 Jul 2020 09:45:06 +1000 Steven D'Aprano email@example.com wrote:
And that's the risk: can I guarantee that there is no clever scheme by which an attacker can fool me into unpickling malicious code? I need to be smarter than the attacker, and more imaginative, and to have thought as long and hard about the problem as they have.
A rather straightforward way to guarantee it would be to sign pickles cryptographically. Of course, the private signing key should not be compromised :-)