Is unpickling data a security risk?
Fredrik Lundh
effbot at telia.com
Tue May 23 10:54:00 EDT 2000
Itamar Shtull-Trauring <itamar at maxnm.com> wrote:
> I'd like to store a pickle somewhere on the Internet (specifically, on
> Freenet - http://freenet.sourceforge.net). Other people may be able to
> change this pickle to whatever they want to. At some point I'm going to
> load this data (or what it was changed to) and unpickle. Is this a security
> risk?
yes.
using fake pickles, an attacker may be able to execute python
scripts that don't belong to your application, but happen to
be on your path.
here's an example:
# cleanup.py
import os
os.system("echo I'm in!")
# test.py
import pickle
data = """(icleanup\noops\np0\n(dp1\nb."""
print pickle.loads(data)
now, what happens if you run the test script?
$ python test.py
i'm in!
Traceback (innermost last):
SystemError: Failed to import class oops from module cleanup
oops indeed!
you can plug this hole by using a custom unpickler, where the
find_class method is overridden (see the pickle source code for
details). but there might be other holes in there...
if I were you, I'd use another marshalling method. like, say, the
marshalling subsystem from XML-RPC:
http://www.pythonware.com/products/xmlrpc
</F>
<!-- (the eff-bot guide to) the standard python library:
http://www.pythonware.com/people/fredrik/librarybook.htm
-->
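The find_class override Fredrik mentions, written out as an added example (not code from his post, and in Python 3 rather than the Python 2 of the thread): a subclass of pickle.Unpickler that only resolves names on an allowlist, so the forged INST stream from the post is refused before `cleanup` is ever imported. The allowlist contents and the sample payload are assumptions made for this example.

```python
import io
import pickle
from collections import OrderedDict

# Assumption for this example: the application only ever pickles plain
# containers and OrderedDict, so nothing else may be resolved by name.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any module/name lookup not explicitly allowed."""

    def find_class(self, module, name):
        # Called for GLOBAL, STACK_GLOBAL and INST opcodes before any import
        # happens, so an unlisted (module, name) pair never touches sys.path.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "refusing to resolve %s.%s from untrusted pickle" % (module, name))


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads for data from untrusted sources."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


# The forged protocol-0 stream from the post: INST "cleanup oops" asks the
# unpickler to import module `cleanup` and instantiate class `oops`.
FORGED = b"(icleanup\noops\np0\n(dp1\nb."


def forged_is_rejected() -> bool:
    """True if the restricted unpickler refuses the forged stream."""
    try:
        restricted_loads(FORGED)
    except pickle.UnpicklingError:
        return True
    return False


def roundtrip_allowed() -> tuple:
    """Legitimate data still loads: an OrderedDict needs the allowlisted name."""
    payload = OrderedDict([("user", "itamar"), ("items", [1, 2, 3])])
    obj = restricted_loads(pickle.dumps(payload))
    return (type(obj).__name__, list(obj.items()))


if __name__ == "__main__":
    print("forged stream rejected:", forged_is_rejected())
    print("allowed data round-trips:", roundtrip_allowed())
```

Any name outside the allowlist, including the `cleanup.oops` reference above, raises pickle.UnpicklingError without importing anything.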