I just checked the Python site documentation on marshal and pickle and I consider them to be irresponsibly and dangerously misleading.

For example, suppose Mercurial is implemented using pickle.load (I sure hope it isn't -- is it?).

1) I send someone a "patch" for their software claiming it makes their package run faster.

2) That person uses Mercurial to "unpack" the patch and Mercurial uses pickle.load.

BAM! That person's filesystem is GONE! AND I'M NOT ASSUMING THAT THERE IS ANY BUG IN MERCURIAL!

Now: suppose Mercurial is implemented using marshal: no such scenario is possible unless there is a security bug in Mercurial where they explicitly execute something.

RESOLVED: pickle should come with a large red label:

WARNING: LARK'S VOMIT --
NEVER USE PICKLE TO IMPLEMENT UNTRUSTED ARCHIVING OF ANY KIND.

It doesn't have one.

Marshal needs no such label, but it has one:

Warning: The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source.

This is bullshit.

Sorry for the French and the caps, but this is REALLY IMPORTANT.

 -- Aaron Watters
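The distinction the post draws can be shown in a few lines. The following is an added example, not code from the post or from Mercurial; the "patch" object, the `record_side_effect` function and the `RestrictedUnpickler` class are constructed for the demonstration (the allowlisting `find_class` pattern follows the approach documented in the Python `pickle` module). It shows that `pickle.loads` calls whatever module-level callable the byte stream names, that an unpickler which refuses to resolve globals stops that while still loading plain data, and that `marshal` cannot even serialize a callable, so a marshalled blob carries data only. The caveat a defender should keep in mind is the one in the quoted docs: marshal not running code is a different property from marshal being robust against malformed input.

```python
import builtins
import io
import marshal
import pickle

# Constructed audit log: the "payload" only appends here, so the demo never touches the filesystem.
SIDE_EFFECTS = []


def record_side_effect():
    """Stand-in for any importable callable a hostile pickle could name (hypothetical)."""
    SIDE_EFFECTS.append("code ran during pickle.loads")
    return "payload-result"


class EvilPatch:
    """Constructed 'patch' object: its pickled form instructs the loader to call record_side_effect()."""

    def __reduce__(self):
        # pickle will emit a reference to record_side_effect and a REDUCE opcode;
        # the receiver's unpickler calls it with no arguments.
        return (record_side_effect, ())


def build_untrusted_blob():
    """What the 'helpful patch' from the post looks like on the wire."""
    return pickle.dumps(EvilPatch())


def naive_load(blob):
    """The scenario the post warns about: plain pickle.loads runs the named callable."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global the sender names except a small allowlist of builtin types.

    Without find_class, a pickle cannot reference functions or classes at all,
    so REDUCE has nothing to call; plain containers and scalars still load.
    """

    SAFE_BUILTINS = {"dict", "list", "set", "frozenset", "tuple",
                     "str", "int", "float", "bool", "bytes"}

    def find_class(self, module, name):
        if module == "builtins" and name in self.SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_load(blob):
    """Load untrusted pickle data with globals disabled; raises UnpicklingError on a callable reference."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def marshal_roundtrip(obj):
    """marshal handles plain data: it has no opcode that resolves or calls a Python object."""
    return marshal.loads(marshal.dumps(obj))


def marshal_rejects_callable(func):
    """True if marshal refuses to serialize the callable at all (it raises ValueError)."""
    try:
        marshal.dumps(func)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    blob = build_untrusted_blob()
    print("naive:", naive_load(blob), SIDE_EFFECTS)
    SIDE_EFFECTS.clear()
    try:
        restricted_load(blob)
    except pickle.UnpicklingError as exc:
        print("restricted:", exc, SIDE_EFFECTS)
    patch_meta = {"files": ["setup.py"], "hunks": 2}
    print("data only:", restricted_load(pickle.dumps(patch_meta)), marshal_roundtrip(patch_meta))
    print("marshal rejects callable:", marshal_rejects_callable(record_side_effect))
```

Run it and the naive path reports the side effect while the restricted path raises before anything is called; the same dict of patch metadata loads fine through both the restricted unpickler and marshal. For data that must cross a trust boundary, a format that has no notion of "call this object" (marshal's subset, JSON, a schema-checked message format) is the safer default, and a restricted unpickler is the fallback when pickle cannot be avoided.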