On Mon, Jul 13, 2020 at 8:58 PM Edwin Zimmerman <email@example.com> wrote:
> On 7/11/2020 11:17 PM, Greg Ewing wrote:
> > On 12/07/20 1:01 pm, Edwin Zimmerman wrote:
> > > As I see it, the unsafe callables (eval, exec, os.system, etc) are generally functions, and safe ones (int, list, dict) are generally classes, though there certainly would be exceptions.
> > Where security is concerned, "there certainly would be exceptions"
> > are not words you want to hear.
> Agreed, that is why pickle should almost never be used. In the past, I have looked long and hard at using pickle in my own projects, but was always turned away because of its potential for security issues. I've thought for years that pickle is a major security foot gun, and I think that not allowing this by default:
> >>> pickle.loads(b"cos\nsystem\n(S'echo hello world'\ntR.")
> would be a step in the right direction.
A pickle file (or equivalent blob in a database, or whatever) should
be considered equally as trusted as your source code. If you're
writing out a file that has the exact same access permissions as your
own source code, and then reading it back, you shouldn't have to worry
about pickle's safety any more than you worry about your code's safety
- anyone who could maliciously craft something for you to unpickle
could equally just edit the source code directly.
Python-ideas mailing list -- firstname.lastname@example.org
Message archived at https://firstname.lastname@example.org/message/HRJVLRL4FDF4MQ6EPEHC36P6CHZSQBZ3/
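Added example, not part of the original thread: one way to refuse the payload quoted above without changing pickle's default is to override `Unpickler.find_class`, the hook the pickle documentation describes for restricting globals. The allow-list contents and the `referenced_globals` helper, which scans opcodes without executing the pickle, are assumptions of this example.

```python
import builtins
import io
import pickle
import pickletools

# The payload quoted in the thread (protocol 0: GLOBAL os.system, then REDUCE).
PAYLOAD = b"cos\nsystem\n(S'echo hello world'\ntR."

# Constructed allow-list for this example: builtins considered harmless to rebuild.
SAFE_BUILTINS = {"int", "float", "complex", "str", "bytes", "list", "dict",
                 "set", "frozenset", "tuple", "range"}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed builtins."""

    def find_class(self, module, name):
        # Called for every GLOBAL / STACK_GLOBAL opcode before anything is invoked.
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data):
    """Like pickle.loads(), but refuses any global outside the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def referenced_globals(data):
    """Return the (module, name) pairs a pickle would import, without running it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):       # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":         # protocol 4+: last two strings pushed
            found.append(tuple(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


if __name__ == "__main__":
    print("payload references:", referenced_globals(PAYLOAD))
    print("plain data loads:", restricted_loads(pickle.dumps({"a": [1, 2, (3, 4)]})))
    try:
        restricted_loads(PAYLOAD)
    except pickle.UnpicklingError as exc:
        print("payload rejected:", exc)
```

The `STACK_GLOBAL` branch in `referenced_globals` is a reporting heuristic only; enforcement happens in `find_class`.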