Message53543
| Author |
loewis |
| Recipients |
| Date |
2002年06月09日.17:14:32 |
| SpamBayes Score |
| Marked as misclassified |
| Message-id |
| In-reply-to |
| Content |
Logged In: YES
user_id=21627
Making getattr a safe_constructor has security implictions
which make this approach dangerous. It seems that unpickling
might invoke arbitrary __getattr__ implementations. Adding a
protocol to declare classes as "safe for getattr" might help. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2007年08月23日 16:02:13 | admin | link | issue558238 messages |
| 2007年08月23日 16:02:13 | admin | create |
|