
[$] Insecurity and Python pickles

Tuesday March 12, 2024. 04:35 PM , from LWN.net
Serialization is the process of transforming Python objects into a sequence of bytes which can be used to recreate a copy of the object later — or on another machine.

pickle is Python's native serialization module. It can store complex Python objects, making it an appealing prospect for moving data without having to write custom serialization code. For example, pickle is an integral component of several file formats used for machine learning. However, using pickle to deserialize untrusted files is a major security risk, because doing so can invoke arbitrary Python functions. Consequently, the machine-learning community is working to address the security issues caused by widespread use of pickle.
https://lwn.net/Articles/964392/
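The risk described above comes from pickle resolving arbitrary module globals while loading. As an added example (not code from the LWN article or from the pickle project), the mitigation the Python documentation recommends is an Unpickler subclass whose find_class() only resolves an allowlist of expected types; the allowlist and the sample pickles below are constructed for the demonstration.

```python
import collections
import io
import os
import pickle

# Hypothetical allowlist: the only (module, name) globals this application's
# data files are expected to reference. Everything else is refused.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that rejects every global reference not on the allowlist.

    pickle resolves GLOBAL / STACK_GLOBAL opcodes through find_class(), so
    overriding it controls which importable objects a pickle may obtain and
    therefore which callables it could invoke while being loaded.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global '{module}.{name}' is not on the allowlist")


def restricted_loads(data: bytes):
    """Deserialize bytes with the allowlist-enforcing unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    # Constructed sample 1: plain data built from native opcodes only.
    plain = pickle.dumps({"epoch": 3, "tags": {"a", "b"}})
    # Constructed sample 2: references collections.OrderedDict, which is allowed.
    ordered = pickle.dumps(collections.OrderedDict(lr=0.1))
    # Constructed sample 3: merely references a callable from a module outside
    # the allowlist. pickle.loads would import and return it; the restricted
    # loader refuses it in find_class() before anything is imported.
    foreign = pickle.dumps(os.getcwd)
    plain_ok = restricted_loads(plain) == {"epoch": 3, "tags": {"a", "b"}}
    ordered_ok = restricted_loads(ordered) == collections.OrderedDict(lr=0.1)
    try:
        restricted_loads(foreign)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return plain_ok, ordered_ok, rejected
```

The allowlist should be kept as small as the file format genuinely requires; anything added to it becomes reachable from untrusted input.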
