by fulafel
3587 days ago
The marshal format used by pyc files is explicitly documented[1] to be unsafe, just a fast way to cache the compiled byte code to a .pyc file next to the .py source file. The Python VM is not a sandbox so there has been no need for an untrusted bytecode format.

[1] see big red warning box at https://docs.python.org/3/library/marshal.html
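An added example, not part of the comment above or of CPython: one way to follow the marshal documentation's warning is to authenticate a cached code blob before it ever reaches `marshal.loads`. The helper names `seal_code` and `open_code`, the tag layout, and the demo key are assumptions made for this sketch.

```python
import hashlib
import hmac
import importlib.util
import marshal

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag
# Marshal output is interpreter-version specific, so bind the tag to the
# running interpreter's bytecode magic number as well as to the payload.
MAGIC = importlib.util.MAGIC_NUMBER


def _tag(key: bytes, payload: bytes) -> bytes:
    return hmac.new(key, MAGIC + payload, hashlib.sha256).digest()


def seal_code(source: str, filename: str, key: bytes) -> bytes:
    """Compile source and return tag || marshalled code object."""
    payload = marshal.dumps(compile(source, filename, "exec"))
    return _tag(key, payload) + payload


def open_code(blob: bytes, key: bytes):
    """Return the code object only if the tag verifies, else raise ValueError.

    marshal.loads is never called on data that fails authentication.
    """
    if len(blob) <= TAG_LEN:
        raise ValueError("blob too short to hold a tag and a payload")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, payload)):
        raise ValueError("authentication failed; refusing to unmarshal")
    return marshal.loads(payload)


def demo():
    key = b"constructed-demo-key-not-for-real-use"  # constructed sample key
    blob = seal_code("result = 6 * 7\n", "<constructed>", key)
    namespace = {}
    exec(open_code(blob, key), namespace)
    # Flip one bit in the payload: the tag no longer matches.
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])
    try:
        open_code(tampered, key)
        rejected = False
    except ValueError:
        rejected = True
    return namespace["result"], rejected
```

The tag only proves the blob came from a holder of the key; the code object it protects still runs with the full privileges of the process that executes it.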
We did a similar exercise a year ago with zpaq, and Matt and the community were able to fix it so well that now you can fuzz it pretty much forever :)