[Python-ideas] Secure unpickle

Emile van Sebille emile at fenx.com
Wed Jul 22 23:51:53 CEST 2015

On 7/22/2015 1:03 AM, Neil Girdhar wrote:
> I've heard it said that pickle is a security hole,

Yes -- from the security section of the pickle docs:

However, for unpickling, it is never a good idea to unpickle an 
untrusted string whose origins are dubious

> and so it's better to
> write your own serialization routine.

Or unpickle only trusted strings.

> That's unfortunate because pickle
> has so many advantages such as automatically tying into copy/deepcopy.
>   Would it be possible to make unpickle secure, e.g., by having the
> caller create a context in which all calls to unpickle are limited to
> unpickling a specific set of types?  (When these types unpickle their
> sub-objects, they could potentially limit the set of types further.)

Do-you-know-where-your-pickles-been-lately-ly yr's,


More information about the Python-ideas mailing list