Convert String to Dictionary question

Jason Orendorff jason at jorendorff.com
Tue Feb 26 02:11:18 CET 2002


Fredrik Lundh wrote:
> it's fairly trivial to construct a pickle string that calls
> eval or os.system with arbitrary arguments.

Andrew Dalke wrote:
> In http://groups.google.com/groups?selm=9slgqh%24ffm%241%
> 40slb2.atl.mindspring.net&output=gplain
> I show how to delete an arbitrary file using pickle (note:
> doesn't work with cPickle, but there are any other attacks I
> didn't try).

For what it's worth, *this* particular hole seems to have been
patched.  But pickle can still call class constructors and
__setstate__ methods and so forth, and it seems to me that
plenty of standard lib constructors do at least a little disk
access and socket stuff.  So it's still not safe.

(in Python 2.2)
>>> t = "(S'filename.txt'\012p1\012ios\012unlink\012p2\012(dp3\012b."
>>> pickle.loads(t)
pickle.UnpicklingError:
    <built-in function unlink> is not safe for unpickling
>>> cPickle.loads(t)
cPickle.UnpicklingError:
    <built-in function unlink> is not safe for unpickling

## Jason Orendorff    http://www.jorendorff.com/




More information about the Python-list mailing list