[Python-ideas] Fwd: Re: Secure unpickle
Eric V. Smith
eric at trueblade.com
Thu Jul 23 16:26:00 CEST 2015
On 07/23/2015 09:54 AM, Neil Girdhar wrote:
> On Wed, Jul 22, 2015 at 9:46 PM, Nathaniel Smith <njs at pobox.com
> <mailto:njs at pobox.com>> wrote:
> On Wed, Jul 22, 2015 at 5:27 PM, Neil Girdhar <mistersheik at gmail.com
> <mailto:mistersheik at gmail.com>> wrote:
> > That is so unfortunate. Pickle is such a good solution except for the
> > security. Why can't we have security too? It doesn't seem to me to be
> > right for a project like matplotlib to be writing their own serialization
> > library. It would be awesome if Python had secure serialization built-in.
> The reason you can pickle/unpickle arbitrary Python objects is that
> the pickle format is basically a structured, optimized way of
> generating and then evaluating arbitrary Python code. Which is great
> because it's totally general -- that's why we love pickle, you can
> pickle anything -- but that exact feature is what makes it insecure.
> If you want to make something secure, that means making some explicit
> decisions about what kinds of things can be put into your data format
> and which cannot, and write some explicit code to handle each of these
> things instead of just handing the file format direct access to your
> interpreter. But by the time you've done that you've done the hard
> part of implementing a new format anyway...
> Wouldn't it be easier to just tell unpickle which code it's allowed to
> run (by passing a list of modules and classes)?
unpickle can already do that, via Unpickler.find_class. There's an
example in the docs.
More information about the Python-ideas