[Python-checkins] bpo-37977: Warn more strongly and clearly about pickle security (GH-15595)
Raymond Hettinger
webhook-mailer at python.org
Sat Aug 31 01:51:37 EDT 2019
https://github.com/python/cpython/commit/daa82d019c52e95c3c57275307918078c1c0ac81
commit: daa82d019c52e95c3c57275307918078c1c0ac81
branch: master
author: Daniel Pope <lordmauve at users.noreply.github.com>
committer: Raymond Hettinger <rhettinger at users.noreply.github.com>
date: 2019-08-30T22:51:33-07:00
summary:
bpo-37977: Warn more strongly and clearly about pickle security (GH-15595)
files:
A Misc/NEWS.d/next/Documentation/2019-08-29-14-38-01.bpo-37977.pML-UI.rst
M Doc/library/pickle.rst
diff --git a/Doc/library/pickle.rst b/Doc/library/pickle.rst
index 09c9c86abbba..eb58178e0e92 100644
--- a/Doc/library/pickle.rst
+++ b/Doc/library/pickle.rst
@@ -30,9 +30,17 @@ avoid confusion, the terms used here are "pickling" and "unpickling".
.. warning::
- The :mod:`pickle` module is not secure against erroneous or maliciously
- constructed data. Never unpickle data received from an untrusted or
- unauthenticated source.
+ The ``pickle`` module **is not secure**. Only unpickle data you trust.
+
+ It is possible to construct malicious pickle data which will **execute
+ arbitrary code during unpickling**. Never unpickle data that could have come
+ from an untrusted source, or that could have been tampered with.
+
+ Consider signing data with :mod:`hmac` if you need to ensure that it has not
+ been tampered with.
+
+ Safer serialization formats such as :mod:`json` may be more appropriate if
+ you are processing untrusted data. See :ref:`comparison-with-json`.
Relationship to other Python modules
@@ -75,6 +83,9 @@ The :mod:`pickle` module differs from :mod:`marshal` in several significant ways
pickling and unpickling code deals with Python 2 to Python 3 type differences
if your data is crossing that unique breaking change language boundary.
+
+.. _comparison-with-json:
+
Comparison with ``json``
^^^^^^^^^^^^^^^^^^^^^^^^
@@ -94,7 +105,10 @@ There are fundamental differences between the pickle protocols and
types, and no custom classes; pickle can represent an extremely large
number of Python types (many of them automatically, by clever usage
of Python's introspection facilities; complex cases can be tackled by
- implementing :ref:`specific object APIs <pickle-inst>`).
+ implementing :ref:`specific object APIs <pickle-inst>`);
+
+* Unlike pickle, deserializing untrusted JSON does not in itself create an
+ arbitrary code execution vulnerability.
.. seealso::
The :mod:`json` module: a standard library module allowing JSON
diff --git a/Misc/NEWS.d/next/Documentation/2019-08-29-14-38-01.bpo-37977.pML-UI.rst b/Misc/NEWS.d/next/Documentation/2019-08-29-14-38-01.bpo-37977.pML-UI.rst
new file mode 100644
index 000000000000..cd0fa3c0584a
--- /dev/null
+++ b/Misc/NEWS.d/next/Documentation/2019-08-29-14-38-01.bpo-37977.pML-UI.rst
@@ -0,0 +1 @@
+Warn more strongly and clearly about pickle insecurity
More information about the Python-checkins
mailing list