summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBarry Warsaw <barry@python.org>2001-11-18 16:24:01 (GMT)
committerBarry Warsaw <barry@python.org>2001-11-18 16:24:01 (GMT)
commit69ab5836ae8e1363df93102a47fd7d2e0e17409e (patch)
tree2168021b58d6e269b95e8bf5e33eecefdd05dbc5
parentf376ef0996974c30f608020427fead6edb66877d (diff)
downloadcpython-69ab5836ae8e1363df93102a47fd7d2e0e17409e.zip
cpython-69ab5836ae8e1363df93102a47fd7d2e0e17409e.tar.gz
cpython-69ab5836ae8e1363df93102a47fd7d2e0e17409e.tar.bz2
Paul Rubin reminds me that of course a class's constructor /could/ get
called, if the pickler found a __getinitargs__() method.
-rw-r--r--Doc/lib/libpickle.tex10
1 files changed, 6 insertions, 4 deletions
diff --git a/Doc/lib/libpickle.tex b/Doc/lib/libpickle.tex
index d6f1c2e..6018497 100644
--- a/Doc/lib/libpickle.tex
+++ b/Doc/lib/libpickle.tex
@@ -604,10 +604,12 @@ evil things like call \code{os.unlink()} with an arbitrary file name.
See section~\ref{pickle-protocol} for more details.
For safely unpickling class instances, you need to control exactly
-which classes will get created. The issue here is usually not that a
-class's constructor will get called --- it won't by the unpickler ---
-but that the class's destructor (i.e. its \method{__del__()} method)
-might get called when the object is garbage collected. The way to
+which classes will get created. Be aware that a class's constructor
+could be called (if the pickler found a \method{__getinitargs__()}
+method) and the the class's destructor (i.e. its \method{__del__()} method)
+might get called when the object is garbage collected. Depending on
+the class, it isn't very heard to trick either method into doing bad
+things, such as removing a file. The way to
control the classes that are safe to instantiate differs in
\module{pickle} and \module{cPickle}\footnote{A word of caution: the
mechanisms described here use internal attributes and methods, which