[Python-ideas] An official complaint regarding the marshal and pickle documentation

Leonardo Santagada santagada at gmail.com
Thu Mar 6 02:33:25 CET 2008

On 05/03/2008, at 16:03, Aaron Watters wrote:
> Guido pointed out that previous versions of marshal could crash  
> python.
> I replied that that is a bug and all known instances have been  
> fixed.  Pickle executes arbitrary code by design -- which is much  
> worse than just crashing a program.

Just read carefully what Guido said, if there is a bug it can not just  
crash your program, it can execute any kind of code, as bad or even  
worse than pickle... that is what is called a buffer overflow

Talking about it the pypy project has a directory somewhere with lots  
of snippets of ways to crash cpython... Not just the set recursion  
limit and overflow the stack one.

> Leonardo mentioned that pickle security concerns could be addressed  
> using crypto tricks.

For some uses, for others some modified version of pure python pickle  
could be used, so you have a controled and almost safe pickle.

> I replied that I would be comfortable unmarshalling a file from a  
> known hostile party -- no crypto verification required, because the  
> worst that could happen is that it would crash the interpreter.   
> With pickle I'd be handing my keyboard to a villian.
> In summary: I think marshal.loads(s) is just as safe as unicode(s)  
> or file.read().  pickle.loads(s) is morally equivalant to  
> __import__(s) or eval(s).

No marshall load do lots of stuff in pure unverified C code...  
anything could happen, as guido pointed out.

> I think the security warning for marshal and the implied  
> recommendation that pickle is okay for RPC should be removed.

No, AFAIK marshal can only load ints and simple objects... and that  
will give you a very poor rpc (for example it could never be used to  
replace pickle as it is used in ZODB and ZRPC).

Leonardo Santagada

More information about the Python-ideas mailing list