[issue9276] pickle should support methods

Marc-Andre Lemburg report at bugs.python.org
Mon Aug 2 14:12:43 CEST 2010


Marc-Andre Lemburg <mal at egenix.com> added the comment:

Jean-Paul Calderone wrote:
> 
> Jean-Paul Calderone <exarkun at twistedmatrix.com> added the comment:
> 
>> This is a security feature and should not be broken !
> 
> Can you explain this?
> 
> I don't think I agree, since an attacker can always serialize whatever they feel like.  It's the person doing the deserialization that has to be careful.

The marshal protocol which is used for storing PYC files has support
for serializing code objects.

The support in pickles, which are meant for data serialization, was not added
by default to prevent unwanted code execution during deserialization,
but instead made possible via pickle hooks, so as to make the decision
to support code serialization an explicit application choice.

By adding default support for unpickling code objects, you can trick
the unpickling code into executing serialized code: first you add
a serialized version of a malicious class definition, then you add
an object of that class to the pickle. At object restore time, the
malicious class can then run os.system('rm -rf /')...

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9276>
_______________________________________
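The comment above describes code-object support in pickle as an explicit application choice made through hooks rather than a default. As an added example, not part of the tracker thread or of CPython, the following shows that choice on the loading side: a pickle.Unpickler subclass whose find_class hook resolves only allow-listed globals, plus a check that stock pickle refuses a bare code object. Record, ALLOWED and the sample values are constructed for this illustration.

```python
import io
import pickle
# Added example (not from the tracker thread): an unpickling policy built on the
# Unpickler.find_class hook. Record and ALLOWED are names assumed for the demo.

class Record:
    """A plain data class the application agrees to accept from pickles."""
    def __init__(self, user, tags):
        self.user, self.tags = user, tags
    def __eq__(self, other):
        return isinstance(other, Record) and vars(self) == vars(other)

# Every (module, name) pair a pickle is allowed to resolve. Record is pickled
# as a reference to its defining module, so that module name is computed.
ALLOWED = {(Record.__module__, "Record")}

class RestrictedUnpickler(pickle.Unpickler):
    """Refuse any GLOBAL / STACK_GLOBAL reference outside ALLOWED."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"pickle references {module}.{name}, which this application forbids")

def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def code_objects_are_not_picklable() -> bool:
    """Stock pickle refuses a bare code object; marshal, not pickle, handles those."""
    def sample():
        return 1
    try:
        pickle.dumps(sample.__code__)
    except (TypeError, pickle.PicklingError):
        return True
    return False

def demo():
    """Load an allowed Record, then a pickle naming a global outside the policy."""
    accepted = pickle.dumps(Record("alice", ["a", "b"]))
    # A callable pickles as a (module, name) reference; harmless len stands in for any unlisted global.
    out_of_policy = pickle.dumps(len)
    result = {"record": restricted_loads(accepted)}
    try:
        restricted_loads(out_of_policy)
        result["rejected"] = False
    except pickle.UnpicklingError:
        result["rejected"] = True
    return result
```

The allow-list is consulted for every class or function reference in the stream, so a pickle that names anything else fails to load instead of being resolved and called.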