Is unpickling data a security risk?

Brian Lloyd Brian at
Tue May 23 10:17:19 EDT 2000

> > does the act of unpickling cause any code in the pickled object to
> > be executed?
> No. As far as I'm aware, the standard pickle module
> doesn't pickle or unpickle code objects, for precisely
> this reason. So you should be safe.

Well - for some value of 'safe' :^) Note that if you do not
have absolute trust in the source of the pickle and the 
unpickling environment, this can still be a little scary, 
even though code objects aren't in the pickle.

An (admittedly extreme) example - if someone can arrange for an 
evil class like the following to be available to the unpickling
environment (or if they happen to know of a class already available
in that environment that may do similar bad or inappropriate 
things), you'd be in trouble if someone sent you an Evil object
to unpickle:

# module evil

import os

class Evil:
  """Am I evil? Yes I am."""

  # spelling changed to protect the innocent
  os.system("rmm -rf *")

  def __init__(self):
    # nothing to do - all my evil was done at import time
    # when the class object was created. Probably at the 
    # time that the unpickler imported the evil module to 
    # grab the Evil class. 

Brian Lloyd        brian at
Software Engineer  540.371.6909              
Digital Creations 

More information about the Python-list mailing list