Is unpickling data a security risk?
effbot at telia.com
Tue May 23 16:54:00 CEST 2000
Itamar Shtull-Trauring <itamar at maxnm.com> wrote:
> I'd like to store a pickle somewhere on the Internet (specifically, on
> Freenet - http://freenet.sourceforge.net). Other people may be able to
> change this pickle to whatever they want to. At some point I'm going to
> load this data (or what it was changed to) and unpickle. Is this a security
using fake pickles, an attacker may be able to execute python
scripts that don't belong to your application, but happen to
be on your path.
here's an example:

    # cleanup.py -- a module that happens to be on the path; note the
    # module-level side effect, which runs as soon as it is imported
    import os
    os.system("echo I'm in!")

    # test.py -- a pickle whose 'i' (INST) opcode names module
    # "cleanup" and class "oops"; unpickling imports cleanup to find it
    import pickle
    data = """(icleanup\noops\np0\n(dp1\nb."""
    pickle.loads(data)
now, what happens if you run the test script?

    $ python test.py
    Traceback (innermost last):
    SystemError: Failed to import class oops from module cleanup
you can plug this hole by using a custom unpickler, where the
find_class method is overridden (see the pickle source code for
details). but there might be other holes in there...
if I were you, I'd use another marshalling method. like, say, the
marshalling subsystem from XML-RPC: