On Thu, Jul 16, 2020 at 11:13 AM Random832 <random...@fastmail.com> wrote:
>
> On Wed, Jul 15, 2020, at 08:14, Chris Angelico wrote:
> > That's fair, but are you actually guaranteeing that it will never read
> > arbitrary attributes from objects?
>
> First of all, reading an attribute of an object in a pickle requires the
> getattr function. Even currently, you can substitute your own function for
> getattr in find_class, and with my proposal you wouldn't have to because you
> could control attempts to evaluate even the real getattr function.
>

Are you sure of that? I don't have any examples to hand, but are you able to
pickle something identified as pkg.module.cls(x)?

> Second of all, with no way to exfiltrate, why is reading arbitrary attributes
> from objects problematic?

Because the moment you can read arbitrary attributes from arbitrary objects,
Python becomes impossible to sandbox.

ChrisA
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/AHDQVMILKSOKYQPOLRI36CSFV2WS24D2/
Code of Conduct: http://python.org/psf/codeofconduct/
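As an added example (not part of this thread and not CPython's own code), the Python below shows the mechanism the quoted reply refers to and the question it raises: every global reference in a pickle, including the class in a `pkg.module.cls(x)` reconstruction, is resolved through `Unpickler.find_class`, and a constructed protocol-0 pickle that names nothing more suspicious than `builtins.getattr` and `builtins.object` still ends up reading `object.__subclasses__`. The payload bytes, the allow list and the `ForbiddenGlobal` / `RestrictedUnpickler` / `blocked_global` names are this example's own assumptions, not anything from the post.

```python
import collections
import datetime
import io
import pickle

# Constructed protocol-0 pickle (example's own, not from the post). Opcode by opcode:
#   c builtins getattr      push the builtin getattr
#   ( c builtins object     MARK, push the builtin object
#     V __subclasses__      push the attribute name
#   t                       TUPLE  -> (object, "__subclasses__")
#   R                       REDUCE -> getattr(object, "__subclasses__")
#   ( t R                   call it with no arguments -> object.__subclasses__()
#   .                       STOP
# Only two globals are ever looked up; the attribute read happens through getattr.
GETATTR_PAYLOAD = (
    b"cbuiltins\ngetattr\n"
    b"(cbuiltins\nobject\n"
    b"V__subclasses__\n"
    b"tR"
    b"(tR"
    b"."
)

# Pickles produced by pickle.dumps itself, for comparison (also constructed here).
BENIGN_PICKLE = pickle.dumps({"user": "alice", "roles": ["reader"]})  # no GLOBAL opcode at all
DATE_PICKLE = pickle.dumps(datetime.date(2020, 7, 16))               # GLOBAL datetime.date, then REDUCE
ORDERED_DICT_PICKLE = pickle.dumps(collections.OrderedDict(a=1))     # GLOBAL collections.OrderedDict


class ForbiddenGlobal(pickle.UnpicklingError):
    """Raised for any module.name reference that is not on the allow list."""

    def __init__(self, module, name):
        super().__init__(f"global {module}.{name} is not on the allow list")
        self.module = module
        self.name = name


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves every GLOBAL / STACK_GLOBAL through an allow list.

    Each module.name reference in the stream, including the callable part of a
    pkg.module.cls(x) reconstruction, arrives here before anything is called,
    so refusing builtins.getattr closes the attribute-reading path shown above.
    """

    ALLOWED = frozenset({("datetime", "date")})  # example allow list, assumed

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise ForbiddenGlobal(module, name)
        return super().find_class(module, name)


def unrestricted_load(data):
    """Plain pickle.loads: whatever the stream asks for, it gets."""
    return pickle.loads(data)


def restricted_load(data):
    """Load through the allow-listing unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def blocked_global(data):
    """(module, name) of the first global the restricted unpickler refuses, or None."""
    try:
        restricted_load(data)
    except ForbiddenGlobal as exc:
        return (exc.module, exc.name)
    return None


if __name__ == "__main__":
    subclasses = unrestricted_load(GETATTR_PAYLOAD)
    print(f"plain pickle.loads: {len(subclasses)} classes reachable via object.__subclasses__()")
    for label, data in [("getattr payload", GETATTR_PAYLOAD), ("benign dict", BENIGN_PICKLE),
                        ("datetime.date", DATE_PICKLE), ("OrderedDict", ORDERED_DICT_PICKLE)]:
        print(f"restricted {label}: blocked={blocked_global(data)}")
```

With plain `pickle.loads` the payload returns the full list of direct subclasses of `object` in the process, which is the usual starting point for walking from attribute reads to a module that was never named in the pickle. The same bytes fail in `RestrictedUnpickler` at the very first opcode, and so does the `OrderedDict` pickle, while the allow-listed `datetime.date` and a pickle with no globals load normally.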