pickle and security

Ben Hutchings do-not-spam-ben.hutchings at businesswebsoftware.com
Fri Apr 11 11:56:30 CEST 2003

In article <m3wui2gjuw.fsf at mira.informatik.hu-berlin.de>, Martin v. Löwis wrote:
> "Jason Miller" <jmiller at physics.purdue.edu> writes:
>> As I understand it, the major security issue with unpickling untrusted
>> sources is that it may cause python to instantiate objects, calling
>> constructors that could do just about anything.  If I only want to
>> unpickle objects that are not class instances, and (using cPickle) I set
>> find_global to None, are there any security concerns that remain?
> Depending on your version of cPickle, it also contains a call to eval,
> to unpickle a string. This is believed to be safe (as only safe
> strings are passed to eval), but you may want to review that specific
> fragment of code.

What about the attack suggested in
<mailman.1049909846.24938.python-list at python.org> (which is to use
"".__class__.__class__.__subclasses__("".__class__.__base__) to access
supposedly inaccessible classes)?

More information about the Python-list mailing list