[Python-ideas] An official complaint regarding the marshal and pickle documentation

Aaron Watters aaron.watters at gmail.com
Thu Mar 6 18:40:35 CET 2008


On Wed, Mar 5, 2008 at 8:33 PM, Leonardo Santagada <santagada at gmail.com>
wrote:

>
> On 05/03/2008, at 16:03, Aaron Watters wrote:
> > Guido pointed out that previous versions of marshal could crash
> > python.
> >
> > I replied that that is a bug and all known instances have been
> > fixed.  Pickle executes arbitrary code by design -- which is much
> > worse than just crashing a program.
>
> Just read carefully what Guido said, if there is a bug it can not just
> crash your program, it can execute any kind of code, as bad or even
> worse than pickle... that is what is called a buffer overflow


I'd like to know the actual number of successful buffer overflow attacks
that have ever happened on the planet in the wild. Maybe one? Okay,
according to Wikipedia there have been 4. I don't really know, but I think
an overflowing buffer in marshal is not very likely to be somewhere near
where a code segment could jump to, because almost everything in marshal is
dynamically allocated. The known attacks have been where the arrays were in
static locations, I believe.

And it's not worse than pickle, because pickle is perfectly capable of
compiling and loading an assembly language component without you knowing
anything about it. Pickle can do anything that the computer can do.

Also it's not worse than pickle because you have to be a highly experienced
and perverted assembly language programmer to construct an overflow attack,
and there has to be a bug in marshal to allow it. To abuse pickle requires
almost no skill at all, and you don't have to be perverted, you just have to
be stupid. In fact pickle is designed to execute arbitrary code, and that is
even documented.

For all I know it's just as feasible to stage buffer overflow attacks in
many other places in python as it is in marshal -- like maybe unicode.join
or anyplace else where an array is constructed. Which is to say it's not
very feasible in those places either.

I was clearly off my medication to start this discussion. I suppose
misleading people into thinking marshal is dangerous is better than
suggesting pickle is safe. Peace and love everyone. Bye now.

  -- Aaron Watters
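The point argued above (pickle runs code by design, marshal does not) can be seen directly. The following is an added example written for this page, not code from the thread or from CPython; the `Payload` class, the `RestrictedUnpickler` allow-list (modelled on the "Restricting Globals" recipe in the pickle documentation), the `referenced_globals` pre-scan and the sample data are all constructed for illustration and assume Python 3.

```python
import builtins
import collections
import io
import marshal
import os
import pickle
import pickletools


class Payload:
    """Constructed attacker-controlled object. Unpickling it calls builtins.eval
    on a string: __reduce__ is the documented pickle protocol, and the loader
    simply invokes the (callable, args) pair it finds in the stream. No bug."""

    def __init__(self, expression):
        self.expression = expression

    def __reduce__(self):
        return (builtins.eval, (self.expression,))


def pickle_payload(expression="__import__('os').getpid()"):
    """Serialize the payload. The receiver never needs the Payload class: the
    bytes name builtins.eval directly and carry a REDUCE opcode."""
    return pickle.dumps(Payload(expression), protocol=4)


def pickle_plain(obj):
    """Ordinary data, same protocol, for comparison."""
    return pickle.dumps(obj, protocol=4)


def current_pid():
    return os.getpid()


def unpickle_unrestricted(data):
    """A naive pickle.loads: it runs whatever the stream asks for."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list loader: every global the stream references is checked
    before it is resolved. Constructed allow-list, extend it per application."""

    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def unpickle_restricted(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_rejects(data):
    """True if the allow-list loader refuses the stream."""
    try:
        unpickle_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


def referenced_globals(data):
    """Static pre-check: list the (module, name) pairs a stream would resolve,
    without executing it. GLOBAL carries both names in its argument; STACK_GLOBAL
    takes them from the two strings pushed just before it. That holds for streams
    written by pickle.dumps as here; a hand-crafted stream that fetches those
    strings from the memo would need the memo modelled, which this scan skips."""
    found, pushed = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((pushed[-2], pushed[-1]))
        elif isinstance(arg, str):
            pushed.append(arg)
    return found


def marshal_refuses(obj):
    """marshal has no opcode that names an importable callable, so an object
    like Payload cannot even be written: marshal.dumps raises ValueError."""
    try:
        marshal.dumps(obj)
    except ValueError:
        return True
    return False


def marshal_code_roundtrip(expression):
    """What marshal does carry is code objects. Loading one returns it inert;
    nothing runs unless the caller later passes it to eval/exec."""
    code = compile(expression, "<constructed>", "eval")
    return marshal.loads(marshal.dumps(code))


# Constructed sample of legitimate data the allow-list loader should accept.
LEGIT_SAMPLE = collections.OrderedDict([("user", "alice"), ("role", "reader")])

if __name__ == "__main__":
    payload = pickle_payload()
    print("globals named in payload:", referenced_globals(payload))
    print("naive loads ran eval, got our pid:", unpickle_unrestricted(payload) == current_pid())
    print("allow-list loader rejects it:", restricted_rejects(payload))
    print("allow-list loader still loads real data:", unpickle_restricted(pickle_plain(LEGIT_SAMPLE)))
    print("marshal cannot even serialize it:", marshal_refuses(Payload("1")))
```

The pre-scan with `pickletools.genops` is the cheap check to run on untrusted bytes before any loader touches them; the allow-list loader is the control that actually stops the REDUCE, since `find_class` is the only hook between the stream and an arbitrary importable callable.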

