[Python-Dev] new features for 2.3?

Guido van Rossum guido@python.org
Tue, 07 Jan 2003 16:40:22 -0500


> I would appreciate a little more explanation regarding the use of
> pickles.  Since I've brought up the issue off-list a few times about
> using pickles of built-ins such as strings, integers, lists, and
> dictionaries (and probably datetime), but no sub-classes of
> built-ins or custom classes.

That sentence not parse.

> I understand that there are security concerns, but does this mean
> that exchanging a pickle via XML-RPC and/or SOAP or exchanging a
> pickle the way you might use a vCard (pickle as just data) is simply
> not doable?

I wouldn't touch a pickle that came in someone's email signature with
a 10-foot pole.  It might seem safe now, and 2 years from now, when
everybody's doing it, a bored teenager in China finds a way to use it
to transport a feature.  No, thank you.

> How does this impact ZODB (if at all) for the same types of
> applications? Binary pickles are extremely fast and easy to use, but
> it appears that using them in a situation where you need to exchange
> data is just not doable without additional support modules.

Pickles are fine as long as you trust the data source.

For untrusted situations, you should design a custom format that
OBVIOUSLY cannot be used to hack into your system.  XML sounds pretty
good.  HTML is bad (given JavaScript etc.).

> Or perhaps there just needs to be a standard safe unpickler that is
> part of 2.3 that only accepts built-ins of "safe" types? If the
> pickle contained something unsafe it would simply throw an exception
> but no harm would be done.

No, for the same reasons as above.  I don't think you can prove it's
safe, so I don't think you should trust it.

Making marshal safe would be much easier, as long as you don't use
eval, exec or new.function() on the result.  (Marshal currently can be
caused to SegFault by giving it bad data, but that's a localized
problem.  The problem with pickle is that you have to validate the
entire Python interpreter and understand all the hidden introspective
hooks that are available.)

--Guido van Rossum (home page: http://www.python.org/~guido/)
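The "safe unpickler" idea in the quoted question, and the contrast Guido draws with marshal, as an added example that is not code from this thread or from the Python project. It assumes Python 3's `pickle.Unpickler.find_class` hook (the one place a pickle's GLOBAL/STACK_GLOBAL references are resolved) and constructs all sample payloads inline. The allow-list narrows what a pickle may reference to a few named built-ins, which is exactly the kind of restriction the question proposes; it does not change the point of the reply, that the rest of the unpickling machinery is still trusted rather than proven.

```python
import io
import marshal
import pickle
import types

# Constructed sample: the kind of "pickle as just data" the question describes.
# Protocol 3 is used because under protocols 0-2 Python 3 pickles bytes through a
# _codecs.encode global reference, which an allow-list unpickler would refuse.
PLAIN_DATA = {"name": "vCard-like record", "ids": [1, 2, 3],
              "nested": {"k": (1.5, None, "text")}}
PLAIN_PICKLE = pickle.dumps(PLAIN_DATA, protocol=3)

# A set pickles as a global reference to builtins.set followed by REDUCE.
SET_PICKLE = pickle.dumps({1, 2}, protocol=3)

# A builtin function pickles as a bare global reference (builtins.len); it is
# harmless here, but the unpickler has no way to tell it from any other callable.
GLOBAL_REF_PICKLE = pickle.dumps(len, protocol=3)

# Explicit allow-list of (module, name) pairs a pickle may resolve. Everything
# else, including any custom class and the datetime types, is rejected.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class BuiltinsOnlyUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed global references."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"global reference {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    """Unpickle bytes with the allow-list in force; raises on anything else."""
    return BuiltinsOnlyUnpickler(io.BytesIO(data)).load()


def load_or_reject(data: bytes):
    """Return (True, object) for accepted pickles, (False, reason) otherwise."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# marshal side: the format carries no object references at all, but it can carry
# code objects, so a data-only loader walks the result and refuses those.
CODE_MARSHAL = marshal.dumps(compile("1 + 1", "<constructed>", "eval"))
DATA_MARSHAL = marshal.dumps(PLAIN_DATA)


def _reject_code_objects(obj):
    if isinstance(obj, types.CodeType):
        raise ValueError("marshal payload carries a code object")
    if isinstance(obj, (list, tuple, set, frozenset)):
        for item in obj:
            _reject_code_objects(item)
    elif isinstance(obj, dict):
        for key, value in obj.items():
            _reject_code_objects(key)
            _reject_code_objects(value)


def marshal_load_or_reject(data: bytes):
    """Return (True, object) for plain-data marshal payloads, (False, reason) otherwise."""
    try:
        obj = marshal.loads(data)
        _reject_code_objects(obj)
        return True, obj
    except (ValueError, EOFError, TypeError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(load_or_reject(PLAIN_PICKLE))       # (True, {...})
    print(load_or_reject(SET_PICKLE))         # (True, {1, 2})
    print(load_or_reject(GLOBAL_REF_PICKLE))  # (False, '... builtins.len is not allowed')
    print(marshal_load_or_reject(DATA_MARSHAL))
    print(marshal_load_or_reject(CODE_MARSHAL))
```

The allow-list has to name every type the application expects, so a pickle carrying a datetime (which the question lists among the candidates) is refused here just like a custom class; widening the list is where the "prove it's safe" argument bites, because each allowed callable is invoked with attacker-chosen arguments. The marshal loader is the cheaper half of the reply: the data it returns is inert unless something later hands it to eval, exec or a function constructor, and the walk makes sure no code object slips through to that stage.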