I'm assuming that someone confronted you with this security issue
somehow? Otherwise I don't understand why you'd be so upset about it.
BTW the warning for marshal is legit -- the C code that unpacks
marshal data has not been carefully analyzed against buffer overflows
and so on. Remember the first time someone broke into a system through
a malicious JPEG? The same could happen with marshal. Seriously.
I agree that the pickle module's warning needs to be moved to a more
prominent place (Georg has probably aready done this by the time I'm
finished typing this message :-). But I see no reason to get so upset
about it as to use all caps.
--Guido
On Wed, Mar 5, 2008 at 8:11 AM, Aaron Watters
In response to Oleg and George.
Yes apparently there is an acknowledgement in some subordinate page somewhere that there might be some problem with security and pickle. This should be on the first page in bold face like the unneeded one for marshal. I missed it just now because I just looked at the first page for marshal and pickle, like most people probably would, sorry.
Also this line from the marshal doc has got to go:
"For general persistence and transfer of Python objects through RPC calls, see the modules pickle and shelve. " http://docs.python.org/lib/module-marshal.html
which should read "For RPC calls never use pickle."
And the security warning for marshal benieth it should be removed because it is nonsense.
The implication of the current documentation is that most of my public projects contain serious security holes when they don't. And if you don't read the documentation carefully (like the implementers of Plone apparently didn't) the docs seem to suggest that pickle is somehow "safer" when it is about as unsafe as it could be.
-- Aaron Watters
_______________________________________________ Python-ideas mailing list Python-ideas@python.org http://mail.python.org/mailman/listinfo/python-ideas
-- --Guido van Rossum (home page: http://www.python.org/~guido/)