STINNER Victor added the comment: "You should ensure that loaded bytes are ASCII-only. Otherwise broken or malicious marshalled data will compromise you program."
This is not new, see the red warning in marshal doc: """ Warning The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source. """ ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue19219> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
