On Sep 1, 2014, at 3:24 PM, Wolfgang Rohdewald <wolfgang....@rohdewald.de>
wrote:
> What is a non-class class or rather what sort of types is meant to
> be insecure?
Jelly is dynamically typed, so any value might show up in any position. In
this case, a value shows up in the slot in the serialization of a method object
which indicates that method's class might be any object, but it has to be a
class.
> Suggestions for a better error message instead of "non-class class"?
It's not clear that there needs to be a better error message here; you'll only
get this message if you have corrupt data on the wire, since a correct
implementation of PB will never put anything other than a class in that slot.
(Except I think it might be broken in the face of new-style classes; ClassType
is the old-style class type, 'type' is the new one, so, that should probably be
fixed, as per your other thread...)
-glyph
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python