On Wed, Mar 5, 2008 at 8:33 PM, Leonardo Santagada <santagada@gmail.com> wrote:
> On 05/03/2008, at 16:03, Aaron Watters wrote:
>> Guido pointed out that previous versions of marshal could crash
>> python.
>>
>> I replied that that is a bug and all known instances have been
>> fixed. Pickle executes arbitrary code by design -- which is much
>> worse than just crashing a program.
>
> Just read carefully what Guido said: if there is a bug it cannot just
> crash your program, it can execute any kind of code, as bad or even
> worse than pickle... that is what is called a buffer overflow.
I'd like to know the actual number of successful buffer overflow attacks that have ever happened on the planet in the wild. Maybe one? Okay, according to Wikipedia there have been 4. I don't really know, but I think an overflowing buffer in marshal is not very likely to be somewhere near where a code segment could jump to, because almost everything in marshal is dynamically allocated. The known attacks have been where the arrays were in static locations, I believe.

And it's not worse than pickle because pickle is perfectly capable of compiling and loading an assembly language component without you knowing anything about it. Pickle can do anything that the computer can do.
Also it's not worse than pickle because you have to be a highly experienced and perverted assembly language programmer to construct an overflow attack, and there has to be a bug in marshal to allow it. To abuse pickle requires almost no skill at all, and you don't have to be perverted, you just have to be stupid. In fact pickle is designed to execute arbitrary code, and this is even documented.
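The contrast the thread draws (marshal round-trips plain data, pickle runs callables on load) can be demonstrated in a few lines. The following is an added example, not code from the thread or from CPython; the names `Sneaky`, `record`, `RestrictedUnpickler` and the allow-list are assumptions of this example. The "payload" only appends to a list so the side effect is visible without doing any harm, and the restricted unpickler shows the standard mitigation: override `find_class` so that only globals you explicitly allow can be resolved.

```python
"""Added example: pickle executes code on load, marshal does not, and a
restricted Unpickler can refuse unexpected globals."""
import io
import marshal
import pickle

# Constructed stand-in for a side effect. A real hostile pickle would call
# something far more damaging; this one only records that it was invoked.
CALLS = []


def record(tag):
    CALLS.append(tag)
    return tag


class Sneaky:
    """An object whose pickled form tells the unpickler to call record()."""

    def __reduce__(self):
        # The pickle protocol re-applies (callable, args) when loading,
        # so whatever callable is named here runs inside pickle.loads().
        return (record, ("executed-on-load",))


def pickle_runs_code():
    """Return how many calls to record() happened purely from loading."""
    data = pickle.dumps(Sneaky())
    before = len(CALLS)
    pickle.loads(data)  # trusted-by-default loader: record() runs here
    return len(CALLS) - before  # 1


def marshal_is_inert():
    """marshal only serialises builtin data types; loading cannot name a
    callable to invoke, so a round trip is just a data comparison."""
    payload = {"a": [1, 2.5, "x"], "b": (None, True)}
    return marshal.loads(marshal.dumps(payload)) == payload


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only an explicit allow-list of globals.

    Any GLOBAL/STACK_GLOBAL opcode naming something else is rejected, so a
    __reduce__ payload pointing at an arbitrary function cannot be resolved.
    """

    # Assumed allow-list for this example: a few plain builtin types.
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"), ("builtins", "range")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_blocks_sneaky():
    """True if the restricted loader refused the payload and record() never ran."""
    data = pickle.dumps(Sneaky())
    before = len(CALLS)
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return len(CALLS) == before
    return False


def restricted_allows_plain_data():
    """Plain containers need no globals at all, so they still load."""
    payload = {"a": [1, 2], "b": "x", "c": {3, 4}}
    return restricted_loads(pickle.dumps(payload))


if __name__ == "__main__":
    print("pickle side effects on load:", pickle_runs_code())
    print("marshal round trip is data-only:", marshal_is_inert())
    print("restricted unpickler blocked payload:", restricted_blocks_sneaky())
    print("restricted unpickler loads plain data:", restricted_allows_plain_data())
```

The allow-list approach is the one the Python `pickle` documentation itself recommends when a pickle must be read from a less-trusted source; the safer default remains not to unpickle untrusted input at all and to use a data-only format (JSON, or marshal for same-version Python objects) instead.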