How much is set in stone?

Paul Rubin phr-n2001d at
Sun Nov 11 18:27:56 CET 2001

Erno Kuusela <erno-news at> writes:
> | Basically if you unpickle a string that came from an untrusted source
> | (say, a browser cookie from the Cookie module), the string can make
> | pickle load arbitrary modules and call arbitrary object constructors
> | in your application.  The docs for the cookie module mention this and
> | there's an bug open on sourceforge to fix the pickle docs.
> oh, that. but it is a deliberate design choice.  if you want to take
> python to task for these sorts of features, eval() or input() are much
> "worse". or even marshal. i agree the pickle documentation should
> mention this as the first thing in big friendly letters.

In fact it does the opposite--both the documentation and the pickle
implementation (look at the "security" check for pickled strings)
appear written with the idea that unickling is intended to be safe for
untrusted strings.  If you look at docs for the Cookie module, you see
that it originally used pickle in precisely this dangerous way.  If
that got past the maintainers who allowed the Cookie module to be
shipped with the Python library, what chance do most ordinary users

Re marhsal: is it dangerous to unmarshal an untrusted string?  Yes, I
know that marshalled strings can contain code objects, but
unmarshalling the strings doesn't actually RUN such code objects, as
far as I know.  I haven't examined marshal super-carefully though.

I think that input() evalling the stuff it reads is also a poor design
choice, but at least it's documented.

More information about the Python-list mailing list