From: Georg Brandl Date: Sun, 22 Sep 2013 09:43:10 +0000 (+0200) Subject: Closes #19061: make shelve security warning consistent between 2.x and 3.x. X-Git-Tag: v2.7.6rc1~141 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=110953d6dea65b03348f4de5f360a915f26e7746;p=python Closes #19061: make shelve security warning consistent between 2.x and 3.x. --- diff --git a/Doc/library/shelve.rst b/Doc/library/shelve.rst index ad36b45896..b02f763dc3 100644 --- a/Doc/library/shelve.rst +++ b/Doc/library/shelve.rst @@ -47,9 +47,11 @@ lots of shared sub-objects. The keys are ordinary strings. Like file objects, shelve objects should be closed explicitly to ensure that the persistent data is flushed to disk. - Since the :mod:`shelve` module stores objects using :mod:`pickle`, the same - security precautions apply. Accordingly, you should avoid loading a shelf - from an untrusted source. +.. warning:: + + Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure + to load a shelf from an untrusted source. Like with pickle, loading a shelf + can execute arbitrary code. Shelf objects support all methods supported by dictionaries. This eases the transition from dictionary based scripts to those requiring persistent storage.
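Review bot: In the last sentence of the added warning, "Like with pickle" refers to the module as bare text, while the sentence before it uses :mod:`pickle`, and "Like with" reads informally for reference documentation. Consider "As with :mod:`pickle`, loading a shelf can execute arbitrary code." so that both mentions are marked up the same way. "Loading a shelf" is also a little loose. Values are unpickled when they are read back from the shelf, so the warning could say that reading entries from an untrusted shelf is what runs the code. The removed text told the reader that "the same security precautions apply"; the new wording drops that pointer, so a short reference to the warning in the pickle documentation would keep the two pages tied together.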