Robert Kern <robert.k...@gmail.com>:

> By the very nature of the stated problem: serializing all language
> objects. Being able to construct any object, including instances of
> arbitrary classes, means that arbitrary code can be executed. All I
> have to do is make a pickle file for an object that claims that its
> constructor is shutil.rmtree().

You can't serialize/migrate arbitrary objects. Consider open TCP
connections, open files and other objects that extend outside the Python
VM. Also objects hold references to each other, leading to a huge
reference mesh. For example:

    a.buddy = b
    b.buddy = a
    with open("a", "wb") as f:
        f.write(serialize(a))
    with open("b", "wb") as f:
        f.write(serialize(b))

    with open("a", "rb") as f:
        aa = deserialize(f.read())
    with open("b", "rb") as f:
        bb = deserialize(f.read())
    assert aa.buddy is bb

Marko
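
Both points in this exchange can be checked with the standard pickle module. The sketch below is an added example, not code from either poster: it loads pickles through an allowlisting `Unpickler.find_class` override, so a pickle that names a callable as its constructor is refused, and it runs the `buddy` case from the message. The allowlist contents, the helper names, and the use of `types.SimpleNamespace` for `a` and `b` are assumptions made for the example.

```python
import io
import os
import pickle
import types

# Assumption for this example: the only global a trusted pickle may name.
ALLOWED_GLOBALS = {("types", "SimpleNamespace")}


class AllowlistUnpickler(pickle.Unpickler):
    """Refuse any global (class or callable) that is not explicitly allowed."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()


class Claimed:
    """Constructed sample: its pickle names a callable as its constructor.
    os.getcwd is a harmless stand-in for the callable named in the thread."""

    def __reduce__(self):
        return (os.getcwd, ())


def is_blocked(obj):
    """Pickle obj, then report whether the allowlist refuses to load it."""
    try:
        safe_loads(pickle.dumps(obj))
    except pickle.UnpicklingError:
        return True
    return False


def mesh_identity():
    a, b = types.SimpleNamespace(), types.SimpleNamespace()
    a.buddy, b.buddy = b, a
    # Two pickles: each stream carries its own private copy of the other object.
    aa, bb = safe_loads(pickle.dumps(a)), safe_loads(pickle.dumps(b))
    # One pickle: the memo table preserves the shared references.
    a2, b2 = safe_loads(pickle.dumps((a, b)))
    return aa.buddy is bb, (a2.buddy is b2 and b2.buddy is a2)


if __name__ == "__main__":
    print(is_blocked(Claimed()), mesh_identity())
```

Object identity survives only inside a single pickle stream, which is why the assertion in the message fails when `a` and `b` are written to separate files.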