[issue11359] Please replace the use of pickle in subprocess with json.
david
report at bugs.python.org
Tue Mar 1 15:31:33 CET 2011
david <db.pub.mail at gmail.com> added the comment:
>From my reading of the code it may be possible if I execute a command via Popen that the child had output that went to stderror, because stderror is associated with the fd of errpipe_write, and it was not to be 'trusted' (lets say I ran it as another user) then it could be pickle.loaded in the parent - and this could potentially be bad.
I could be totally wrong about this tho. I haven't tested the above case yet.
Regardless - the use of pickle here is not really required and json can do what pickle is doing (from my reading of the code thus far).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11359>
_______________________________________
More information about the Python-bugs-list
mailing list