On 05/03/2008, at 16:03, Aaron Watters wrote:
> Guido pointed out that previous versions of marshal could crash python.
> I replied that that is a bug and all known instances have been fixed. Pickle executes arbitrary code by design -- which is much worse than just crashing a program.
Just read carefully what Guido said: if there is a bug, it cannot just crash your program, it can execute any kind of code, as bad as or even worse than pickle... that is what is called a buffer overflow. Talking about it, the PyPy project has a directory somewhere with lots of snippets of ways to crash CPython... not just the "set the recursion limit and overflow the stack" one.
> Leonardo mentioned that pickle security concerns could be addressed using crypto tricks.
For some uses; for others, some modified version of the pure-Python pickle could be used, so you have a controlled and almost safe pickle.
> I replied that I would be comfortable unmarshalling a file from a known hostile party -- no crypto verification required, because the worst that could happen is that it would crash the interpreter. With pickle I'd be handing my keyboard to a villain.
> In summary: I think marshal.loads(s) is just as safe as unicode(s) or file.read(). pickle.loads(s) is morally equivalent to __import__(s) or eval(s).
No, marshal load does lots of stuff in pure, unverified C code... anything could happen, as Guido pointed out.
> I think the security warning for marshal and the implied recommendation that pickle is okay for RPC should be removed.
No, AFAIK marshal can only load ints and simple objects... and that will give you a very poor RPC (for example, it could never be used to replace pickle as it is used in ZODB and ZRPC).

-- 
Leonardo Santagada
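The "controlled and almost safe pickle" mentioned in the thread, written up as an added example that is not from the thread or from CPython itself: a Python 3 `pickle.Unpickler` subclass whose `find_class` only resolves an allowlist of globals, placed beside a `marshal` round-trip of the simple built-in types marshal is limited to. The allowlist contents and the sample payloads are constructed for the example; the allowlist-via-`find_class` technique is the one the standard pickle documentation describes, not necessarily the modification Leonardo had in mind.

```python
import datetime
import io
import marshal
import pickle
from collections import OrderedDict

# Constructed allowlist of (module, name) pairs the unpickler may resolve.
# Any other global reference in the stream is refused before it is looked up.
SAFE_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose global lookups are limited to SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data):
    """Unpickle data, refusing any global outside the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_restricted_load(data):
    """Return (True, obj) if data is accepted, else (False, reason)."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def marshal_roundtrip(obj):
    """marshal only carries simple built-in types and never resolves a global."""
    return marshal.loads(marshal.dumps(obj))


# Constructed sample payloads (not from the thread):
PLAIN = pickle.dumps({"a": [1, 2.5, "x"]})            # built-in containers only
ALLOWED = pickle.dumps(OrderedDict(a=1))              # references an allowed global
DISALLOWED = pickle.dumps(datetime.date(2008, 3, 5))  # references datetime.date

if __name__ == "__main__":
    for label, data in (("plain", PLAIN), ("allowed", ALLOWED), ("disallowed", DISALLOWED)):
        print(label, try_restricted_load(data))
    print("marshal", marshal_roundtrip({"a": (1, 2.5, b"x")}))
```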