[Python-ideas] Adding a safe alternative to pickle in the standard library

Devin Jeanpierre jeanpierreda at gmail.com
Thu Feb 21 19:48:06 CET 2013


On Thu, Feb 21, 2013 at 1:29 PM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> Steve Dower writes:
>
>  > In a past life I used pickle regularly to snapshot long-running
>  > (evolutionary) algorithms that used user-provided classes
>
> And how do you propose to prevent user-provided exploits, then?

Just because an application has one place where someone can inject new
code, doesn't mean it should have another. You might trust the people
that write these evolutionary algorithm classes, but not trust people
that give you snapshots of the algorithms running.

> Nobody wants to take away the power of pickle if it imposes only risks
> you're happy to bear.  The question here is "is it possible to be
> *safer* than pickle without giving up any of the power?"

I hope nobody is asking that question, because the answer is a strong
no. Pickle's ability to call arbitrary objects accessible in any
module, anywhere, is part of how powerful it is, but it is also a
fundamental source of unsafety.

That does not mean that we should not write or use safer alternatives.
We have written and do use safer alternatives, like the json module.
But it means we can't expect them to be usable exactly everywhere
pickle is. I would've said the question is how far in that direction
we should bother to go. How many features do you add before you're
increasing risk from faulty code, rather than decreasing it by making
it easier to use a secure-by-design library?

-- Devin
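
An added example, not part of the message above or of any proposal in the thread: the allow-list pattern from the pickle documentation (overriding `Unpickler.find_class`), showing that a pickle stream names the callable run on load and that a restricted loader gives up that power for safety. `ALLOWED_GLOBALS`, `safe_loads`, `ForeignSnapshot` and the sample snapshots are constructed for illustration.

```python
import io
import pickle
import platform
from collections import OrderedDict

# Assumption: the only globals a snapshot from an untrusted source may name.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that resolves only explicitly allow-listed globals."""

    def find_class(self, module, name):
        # Global lookups in the stream go through find_class, so rejecting
        # here stops the lookup before anything is called.
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                f"snapshot names forbidden global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    """Load a snapshot, refusing any global outside ALLOWED_GLOBALS."""
    return AllowListUnpickler(io.BytesIO(data)).load()


class ForeignSnapshot:
    """Constructed stand-in for a snapshot received from someone else."""

    def __reduce__(self):
        # The stream, not the loader, picks the callable that runs on load.
        # A harmless function is used here to show the mechanism.
        return (platform.python_version, ())


def trusted_snapshot():
    return pickle.dumps(OrderedDict(generation=3, best_fitness=0.92))


def foreign_snapshot():
    return pickle.dumps(ForeignSnapshot())


if __name__ == "__main__":
    print(safe_loads(trusted_snapshot()))
    # Plain pickle.loads calls the named function instead of rebuilding the object.
    print(pickle.loads(foreign_snapshot()))
    try:
        safe_loads(foreign_snapshot())
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

Every entry added to the allow-list becomes something the stream can call with arguments of its choosing, so the list should hold plain data types only.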


