Netdev List
From: Jacob Keller <jacob.e.keller@intel.com>
To: Jakub Kicinski <kuba@kernel.org>
Cc: <davem@davemloft.net>, <netdev@vger.kernel.org>,
	<edumazet@google.com>, <pabeni@redhat.com>,
	<andrew+netdev@lunn.ch>, <horms@kernel.org>,
	<donald.hunter@gmail.com>
Subject: Re: [PATCH net-next] tools: ynl: try to avoid the very slow YAML loader
Date: Wed, 3 Jun 2026 17:17:39 -0700
Message-ID: <3ca7d6b6-1aeb-4e7b-9263-64f4b427d1ef@intel.com>
In-Reply-To: <20260603163518.7bde747a@kernel.org>

On 6/3/2026 4:35 PM, Jakub Kicinski wrote:
> On Wed, 3 Jun 2026 15:08:46 -0700 Jacob Keller wrote:
>> Hmm. I was a bit confused at first by the switch from safe_load to
>> load.. but we're passing Loader as _yaml_loader which will either be
>> CSafeLoader *or* the default SafeLoader, so we'll get the appropriate
>> loader equivalent to what safe_load would have done, so there's no
>> change. Ok
> 
> Maybe I should have mentioned this in the commit msg. I was also super
> confused by these APIs but IDK how much is this me not knowing Python
> and how much it's special. AFAIU basically:
> 

This is a pyyaml issue not a generic python one I think.

> somewhere in pyyaml...
> 
> 	def safe_load(file):
> 		return load(file, Loader=SafeLoader)
> 
> so safe_load() is just a "shorthand" for using SafeLoader, which unlike
> load()'s default loader doesn't allow constructing real/binary Python
> objects?

load() by default uses the generic Loader that supports the full spec
and because of that is "unsafe":

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

Basically, loading the full YAML spec on untrusted input is unsafe since
it allows arbitrary execution.

>
> Why it doesn't default to the C one is beyond my understanding.

Right. I'm not super familiar here as to how it ends up not defaulting
to CSafeLoader, but probably it's because it's not always available.
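
The loader selection discussed in this message, as an added example that is not part of the email or of the ynl tools: it picks CSafeLoader when PyYAML has it, falls back to SafeLoader, and checks that either one refuses a Python-specific tag. Only `_yaml_loader` is a name from the thread; the function names and both sample documents are constructed for illustration.

```python
import yaml

# Prefer the libyaml-backed CSafeLoader; fall back to the pure-Python
# SafeLoader when PyYAML was built without the C extension.
try:
    from yaml import CSafeLoader as _yaml_loader
except ImportError:
    from yaml import SafeLoader as _yaml_loader

# Constructed sample input (not taken from any real ynl spec).
PLAIN_DOC = "name: demo-family\noperations:\n  - name: get\n    value: 1\n"

# Constructed document carrying a Python-specific tag. The tuple tag is
# harmless, but it belongs to the same tag family the safe loaders refuse.
TAGGED_DOC = "value: !!python/tuple [1, 2]\n"


def load_spec(text):
    """Parse YAML with whichever safe loader was selected above."""
    return yaml.load(text, Loader=_yaml_loader)


def loader_is_safe():
    """True if the selected loader is SafeLoader or CSafeLoader."""
    safe = [yaml.SafeLoader]
    if hasattr(yaml, "CSafeLoader"):
        safe.append(yaml.CSafeLoader)
    return _yaml_loader in safe


def rejects_python_tags(text):
    """True if the selected loader raises on Python-specific tags."""
    try:
        load_spec(text)
    except yaml.constructor.ConstructorError:
        return True
    return False


def same_as_safe_load(text):
    """True if yaml.load() with the selected loader matches yaml.safe_load()."""
    return load_spec(text) == yaml.safe_load(text)


if __name__ == "__main__":
    print("loader:", _yaml_loader.__name__)
    print("plain document:", load_spec(PLAIN_DOC))
    print("python tag rejected:", rejects_python_tags(TAGGED_DOC))
```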


Thread overview: 4+ messages
2026-06-03 21:08 [PATCH net-next] tools: ynl: try to avoid the very slow YAML loader Jakub Kicinski
2026-06-03 22:08 ` Jacob Keller
2026-06-03 23:35   ` Jakub Kicinski
2026-06-04  0:17     ` Jacob Keller [this message]
