MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
python
Recherche

[$] Insecurity and Python pickles

mardi 12 mars 2024, 16:35 , par LWN.net
Serialization is the process of transforming Python objects into a sequence of
bytes which can be used to recreate a copy of the object later — or on another
machine.

pickle is Python's native serialization module. It can store complex Python
objects,
making it an appealing prospect for moving data without having to write
custom serialization code. For example, pickle is an integral component of
several file
formats used for machine learning. However, using pickle to deserialize
untrusted files is a major security risk, because doing so can invoke arbitrary
Python functions. Consequently, the machine-learning community is working to address the
security issues caused by widespread use of pickle.
Lire la suite sur LWN.net
https://lwn.net/Articles/964392/

Voir aussi

python Python announces first security releases since becoming a CNA LWN.net20 Mar
pickle [$] "Real" anonymous functions for Python LWN.net19 Mar
serialization Let them eat snake: python farming an "efficient" food source BoingBoing19 Mar
insecurity Get 'Python for Data Science for Dummies, 3rd Edition' (worth $21) for FREE BetaNews13 Mar
used Palit et Gainward dévoilent des RTX 4060 Infinity 2 et Python 2 CowcotLand 7 Mar
machine [$] Making multiple interpreters available to Python code LWN.net 4 Mar
objects Learn to code at home (all skill levels!) with this Python course bundle, now $45.99 BoingBoing 3 Mar
pickles Get 'Python Deep Learning -- Third Edition' (worth $39.99) for FREE BetaNews28 Feb
security Linux Becomes a CVE Numbering Authority (Like Curl and Python). Is This a Turning Point? Slashdot18 Feb
python Watch this little girl swinging a python around in circles to save her guinea pig (video) BoingBoing 1 Feb
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
mer. 15 mai - 11:02 CEST