[Python-ideas] Fwd: Re: Secure unpickle

Neil Girdhar mistersheik at gmail.com
Thu Jul 23 15:54:58 CEST 2015

On Wed, Jul 22, 2015 at 9:46 PM, Nathaniel Smith <njs at pobox.com> wrote:

> On Wed, Jul 22, 2015 at 5:27 PM, Neil Girdhar <mistersheik at gmail.com>
> wrote:
> >
> > That is so unfortunate.  Pickle is such a good solution except for the
> > security.  Why can't we have security too?  It doesn't seem to me to be
> > right for a project like matplotlib to be writing their own serialization
> > library.  It would be awesome if Python had secure serialization
> built-in.
> The reason you can pickle/unpickle arbitrary Python objects is that
> the pickle format is basically a structured, optimized way of
> generating and then evaluating arbitrary Python code. Which is great
> because it's totally general -- that's why we love pickle, you can
> pickle anything -- but that exact feature is what makes it insecure.
> If you want to make something secure, that means making some explicit
> decisions about what kinds of things can be put into your data format
> and which cannot, and write some explicit code to handle each of these
> things instead of just handing the file format direct access to your
> interpreter. But by the time you've done that you've done the hard
> part of implementing a new format anyway...

Wouldn't it be easier to just tell unpickle which code it's allowed to run
(by passing a list of modules and classes)?  Then your serializer can be
reused by deepcopy and other Python routines that might tie into "reduce"?
I think that's easier than "implementing (yet another) a new format".

> -n
> --
> Nathaniel J. Smith -- http://vorpus.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20150723/6bd70362/attachment.html>

More information about the Python-ideas mailing list