The bottom line is that pickle should never be used in a security
sensitive context. Several years ago I spent about 5 minutes
writing a custom pickle fuzzer. It ran for about 60 seconds before
segfaulting. Fortunately, the last time I ran my fuzzer (about a
year ago), all I could produce was a MemoryError traceback.
Even with all the improvements pickle has seen, I think it would be
unwise to imply (via pickle module names or flags) that pickle is
On 7/11/2020 1:31 PM, Wes Turner wrote:
Would this accomplish something like:
pickle.load(safe=True) # or
Is there already a way to load data and not
code *with pickle*?
Python-ideas mailing list -- email@example.com
To unsubscribe send an email to firstname.lastname@example.org
Message archived at https://email@example.com/message/NRLT3IPO7X7BCE5NS7TUUEIHGUWMYGKC/
Code of Conduct: http://python.org/psf/codeofconduct/