david <db.pub.m...@gmail.com> added the comment:

From my reading of the code it may be possible if I execute a command via
Popen that the child had output that went to stderr, because stderr is
associated with the fd of errpipe_write, and it was not to be 'trusted' (let's
say I ran it as another user) then it could be pickle.loaded in the parent -
and this could potentially be bad.

I could be totally wrong about this though. I haven't tested the above case yet.

Regardless - the use of pickle here is not really required and json can do what 
pickle is doing (from my reading of the code thus far).

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue11359>
_______________________________________