[Python-ideas] An official complaint regarding the marshal and pickle documentation
Leonardo Santagada
santagada at gmail.com
Thu Mar 6 02:33:25 CET 2008
On 05/03/2008, at 16:03, Aaron Watters wrote:
> Guido pointed out that previous versions of marshal could crash
> python.
>
> I replied that that is a bug and all known instances have been
> fixed. Pickle executes arbitrary code by design -- which is much
> worse than just crashing a program.
Just read carefully what Guido said: if there is a bug, it can not just
crash your program, it can execute any kind of code, as bad or even
worse than pickle... that is what is called a buffer overflow.

Talking about it, the PyPy project has a directory somewhere with lots
of snippets of ways to crash CPython... Not just the set recursion
limit and overflow the stack one.
> Leonardo mentioned that pickle security concerns could be addressed
> using crypto tricks.
For some uses; for others, some modified version of pure Python pickle
could be used, so you have a controlled and almost safe pickle.
> I replied that I would be comfortable unmarshalling a file from a
> known hostile party -- no crypto verification required, because the
> worst that could happen is that it would crash the interpreter.
> With pickle I'd be handing my keyboard to a villain.
>
> In summary: I think marshal.loads(s) is just as safe as unicode(s)
> or file.read(). pickle.loads(s) is morally equivalent to
> __import__(s) or eval(s).
No, marshal load does lots of stuff in pure unverified C code...
anything could happen, as Guido pointed out.
> I think the security warning for marshal and the implied
> recommendation that pickle is okay for RPC should be removed.
No, AFAIK marshal can only load ints and simple objects... and that
will give you a very poor RPC (for example it could never be used to
replace pickle as it is used in ZODB and ZRPC).
--
Leonardo Santagada