[Python-ideas] Adding a safe alternative to pickle in the standard library

Eric V. Smith eric at trueblade.com
Thu Feb 21 14:53:13 CET 2013


On 2/21/2013 8:39 AM, Mark Hackett wrote:
> On Thursday 21 Feb 2013, Eric V. Smith wrote:
>> On 2/21/2013 6:11 AM, Antoine Pitrou wrote:
>>> Le Thu, 21 Feb 2013 06:01:19 -0500,
>>> Devin Jeanpierre <jeanpierreda at gmail.com>
>>>
>>> a écrit :
>>>> I've been noticing a lot of security-related issues being discussed in
>>>> the Python world since the Ruby YAML problem came out. Is it time to
>>>> consider adding an alternative to pickle that is safe(r) by default?
>>>
>>> There's already json. Is something else needed?
>>
>> As stated elsewhere, it's cycles and especially arbitrary python objects
>> that are the big draw for pickle.
>>
>> I've always wanted a version of pickle.loads() that takes a list of
>> classes that are allowed to be instantiated. Often, when using pickle to
>> serialize over say AMQP or some other transport, I know what classes I
>> want to allow. Anything else is either a (not infrequent) logic error or
>> an attack of some sort.
>>
>> I realize this isn't perfect, but it would certainly reduce the attack
>> surface for many of my use cases. I'm already authenticating the sender,
>> and when I'm really paranoid I also sign the pickles.
>>
>> Just a thought.
>>
> 
> Is this not better solved by other methods? I.e. wasteful, but effective would 
> be to send it all by XML.

Sure. I could write a serializer (to XML or whatever) that handles
graphs of arbitrary python objects, but then I'm duplicating most of
what pickle does. I'd rather leverage all of the work that pickle
represents. Maybe I'll write a patch just to see what's involved.

-- 
Eric.
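A working sketch of the allow-list loader Eric describes, added here as an example and not code from this thread or from CPython: subclass pickle.Unpickler and override find_class, the hook CPython invokes for every GLOBAL / STACK_GLOBAL opcode, so that only pre-approved classes can be resolved. The Order and Refund classes, the allow-list contents and the raw protocol-0 stream are constructed for the example.

```python
import io
import pickle
from dataclasses import dataclass


# Two application classes (constructed for this example). Only Order is on
# the allow-list; Refund stands in for "a class the receiver never expects".
@dataclass
class Order:
    item: str
    qty: int


@dataclass
class Refund:
    order_id: int


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves globals only to an explicit set of classes.

    pickle calls find_class() for every GLOBAL / STACK_GLOBAL opcode, i.e.
    every time the stream asks for a class or function by module and name.
    Refusing everything not on the list means the stream cannot reach any
    callable the receiver did not pre-approve.
    """

    def __init__(self, file, allowed):
        super().__init__(file)
        # Key by (module, qualname), which is exactly what the stream carries.
        self._allowed = {(c.__module__, c.__qualname__): c for c in allowed}

    def find_class(self, module, name):
        try:
            return self._allowed[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(
                f"global '{module}.{name}' is not on the allow-list") from None


def restricted_loads(data: bytes, allowed) -> object:
    """Like pickle.loads(data), but only the classes in `allowed` may be built."""
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


def roundtrip_ok() -> bool:
    """Allowed classes, containers and reference cycles still unpickle normally."""
    orders = [Order("widget", 3), Order("gadget", 1)]
    orders.append(orders)                      # self-referencing cycle
    out = restricted_loads(pickle.dumps(orders), {Order})
    return out[:2] == orders[:2] and out[2] is out


def rejects_unlisted_class() -> bool:
    """A pickle of a class the receiver did not list is refused."""
    try:
        restricted_loads(pickle.dumps(Refund(42)), {Order})
    except pickle.UnpicklingError:
        return True
    return False


# A constructed protocol-0 stream that asks the unpickler to import os.getcwd
# and call it with no arguments (opcodes: GLOBAL, MARK, TUPLE, REDUCE, STOP).
# Plain pickle.loads() would perform the call; the restricted loader never
# gets past the GLOBAL opcode. os.getcwd is used only because it is harmless.
RAW_CALL_STREAM = b"cos\ngetcwd\n(tR."


def rejects_raw_global() -> bool:
    """A hand-built stream naming a function outside the allow-list is refused."""
    try:
        restricted_loads(RAW_CALL_STREAM, {Order})
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("round-trip ok:", roundtrip_ok())
    print("rejects unlisted class:", rejects_unlisted_class())
    print("rejects raw global:", rejects_raw_global())
```

The allow-list bounds which callables a stream can reach, which is the point of Eric's proposal, but it does not bound what the stream does with an allowed class: an allowed class is still built with whatever state the stream carries, its __setstate__ or __reduce__ hooks still run, and nothing here limits input size or nesting depth. That is why the approach pairs with authenticating the sender rather than replacing it.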


