Is unpickling data a security risk?
Brian at digicool.com
Tue May 23 16:17:19 CEST 2000
> > does the act of unpickling cause any code in the pickled object to
> > be executed?
> No. As far as I'm aware, the standard pickle module
> doesn't pickle or unpickle code objects, for precisely
> this reason. So you should be safe.
Well - for some value of 'safe' :^) Note that if you do not
have absolute trust in the source of the pickle and the
unpickling environment, this can still be a little scary,
even though code objects aren't in the pickle.
An (admittedly extreme) example - if someone can arrange for an
evil class like the following to be available to the unpickling
environment (or if they happen to know of a class already available
in that environment that may do similar bad or inappropriate
things), you'd be in trouble if someone sent you an Evil object:
    # module evil
    """Am I evil? Yes I am."""
    import os

    class Evil:
        # spelling changed to protect the innocent
        os.system("rmm -rf *")
        # nothing to do - all my evil was done at import time
        # when the class object was created. Probably at the
        # time that the unpickler imported the evil module to
        # grab the Evil class.
Brian Lloyd brian at digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com
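An added illustration of the point above, not code from Brian's post: a constructed module (`evil_demo`, with a log entry standing in for the import-time command) is loaded by a custom import hook, a pickle referencing its class is built, and plain `pickle.loads` is compared with the restricted `Unpickler` the Python docs recommend. The module name, loader, finder and allowlist are all assumptions made for the demo.

```python
import importlib.util
import io
import pickle
import sys

IMPORT_LOG = []        # records each import of the constructed module
MODULE = "evil_demo"   # constructed name standing in for the post's `evil` module
MODULE_SOURCE = "class Evil:\n    pass\n"   # constructed module body: a picklable class

class SideEffectLoader:
    # The side effect lives here, where the post's os.system call would run
    def create_module(self, spec):
        return None                          # default module object
    def exec_module(self, module):
        IMPORT_LOG.append(module.__name__)   # "import-time evil": a harmless log entry
        exec(MODULE_SOURCE, module.__dict__)

class DemoFinder:
    def find_spec(self, name, path=None, target=None):
        if name == MODULE:
            return importlib.util.spec_from_loader(name, SideEffectLoader())
        return None
sys.meta_path.insert(0, DemoFinder())        # make `import evil_demo` resolvable

def make_evil_pickle():
    # Bytes a sender would hand you: just a reference to evil_demo.Evil
    mod = importlib.import_module(MODULE)
    data = pickle.dumps(mod.Evil())
    sys.modules.pop(MODULE)                  # forget it, so the next import is visible
    return data

class RestrictedUnpickler(pickle.Unpickler):   # mitigation from the Python docs
    ALLOWED = {("builtins", "dict"), ("builtins", "list")}   # whatever your data needs
    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")

def unsafe_load(data):
    IMPORT_LOG.clear()
    obj = pickle.loads(data)                 # unpickler imports evil_demo to find Evil
    sys.modules.pop(MODULE, None)
    return type(obj).__name__, list(IMPORT_LOG)   # -> ("Evil", ["evil_demo"])

def safe_load(data):
    IMPORT_LOG.clear()
    try:
        RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return str(exc), list(IMPORT_LOG)    # -> ("refusing to import ...", [])
    return "loaded", list(IMPORT_LOG)
```

The log shows the module being imported (and its side effect running) by `pickle.loads` alone, while `find_class` in the restricted unpickler rejects the class before any import takes place.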