On Thu, Jul 16, 2020 at 11:13 AM Random832 <[email protected]> wrote:
>
> On Wed, Jul 15, 2020, at 08:14, Chris Angelico wrote:
> > That's fair, but are you actually guaranteeing that it will never read
> > arbitrary attributes from objects?
>
> First of all, reading an attribute of an object in a pickle requires the
> getattr function. Even currently, you can substitute your own function for
> getattr in find_class, and with my proposal you wouldn't have to because you
> could control attempts to evaluate even the real getattr function.
>

Are you sure of that? I don't have any examples to hand, but are you
able to pickle something identified as pkg.module.cls(x)?

> Second of all, with no way to exfiltrate, why is reading arbitrary attributes
> from objects problematic?

Because the moment you can read arbitrary attributes from arbitrary
objects, Python becomes impossible to sandbox.

ChrisA
_______________________________________________
Python-ideas mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/[email protected]/message/AHDQVMILKSOKYQPOLRI36CSFV2WS24D2/
Code of Conduct: http://python.org/psf/codeofconduct/
