From: Ian Kelly
Date: Mon, 27 Feb 2012 11:24:24 -0700
Subject: Re: pickle handling multiple objects ..
To: Chris Angelico
Cc: python-list@python.org
Newsgroups: comp.lang.python

On Sun, Feb 26, 2012 at 6:00 AM, Chris Angelico wrote:
> Additionally, you'll get a weird crash out of your program if load()
> returns something other than a sequence of length 3. Remember,
> everything that comes from outside your code is untrusted, even if you
> think you made it just two seconds ago.

While that's true, if your pickle is untrusted then a ValueError from
unpacking is the least of your worries. You should never attempt to
load an untrusted pickle in the first place, as doing so allows it to
execute arbitrary code on your system.

Cheers,
Ian
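Both points in this exchange (the length-3 unpacking and the code-execution risk), as an added example that is not part of the original thread: a loader that authenticates the pickle with an HMAC before touching it, refuses every global lookup while loading, and only then checks the shape. The names `load_triple`, `PlainDataUnpickler`, `Probe`, the key and the sample pickles are constructed for illustration.

```python
import hashlib
import hmac
import io
import pickle

class PlainDataUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so a pickle can only build built-in
    containers and scalars and can never resolve a callable."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refused global {module}.{name}")

def sign(blob: bytes, key: bytes) -> bytes:
    return hmac.new(key, blob, hashlib.sha256).digest()

def load_triple(blob: bytes, tag: bytes, key: bytes) -> tuple:
    # 1. Authenticate first: unauthenticated bytes never reach the unpickler.
    if not hmac.compare_digest(sign(blob, key), tag):
        raise ValueError("bad MAC: not loading")
    # 2. Defence in depth: even an authenticated pickle may hold plain data only.
    try:
        obj = PlainDataUnpickler(io.BytesIO(blob)).load()
    except (pickle.UnpicklingError, EOFError) as exc:
        raise ValueError(f"rejected pickle: {exc}") from exc
    # 3. Shape check, so the caller's "a, b, c = ..." cannot fail on unpacking.
    if not isinstance(obj, (tuple, list)) or len(obj) != 3:
        raise ValueError("expected a sequence of length 3")
    return tuple(obj)

# Constructed sample data (not from the thread).
KEY = b"constructed-demo-key"
GOOD = pickle.dumps(("a", 1, [2.5]))
SHORT = pickle.dumps(("a", 1))

class Probe:
    """Harmless stand-in: its pickle asks the loader to call len('abc')."""
    def __reduce__(self):
        return (len, ("abc",))

PROBE = pickle.dumps(Probe())

def outcome(blob: bytes, tag: bytes):
    """Return the loaded triple, or the refusal message as a string."""
    try:
        return load_triple(blob, tag, KEY)
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("short", SHORT), ("probe", PROBE)):
        print(name, "->", outcome(blob, sign(blob, KEY)))
    print("forged tag ->", outcome(GOOD, b"\x00" * 32))
```

Plain `pickle.loads(PROBE)` returns 3 rather than a `Probe` object, which shows that loading a pickle runs whatever call the data names; the MAC check is the primary control and the restricted unpickler is a backstop.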