STINNER Victor <vstin...@python.org> added the comment:
Lib/multiprocessing/connection.py uses a challenge to authenticate the client. How do you connect to the server? Yes, it's known that pickle is not safe, there is a big red warning at the top of the doc: https://docs.python.org/dev/library/pickle.html But please elaborate your attack scenario. How do you execute arbitrary code on a server? How do you inject code? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue40039> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com