Securing 'pickle'

[David McNab]

Hi,

I'm writing a web app framework which stores pickles in client cookies.

The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try
tampering with the cookie and malforming it in an attempt to get the
server-side python code to run arbitrary code, or something similarly
undesirable.

To protect against this, I've subclassed pickle.Unpickler, and added
overrides of the methods load_global, load_inst, load_obj and find_class.

My override methods simply raise exceptions unconditionally, which causes
any unpickle to fail if the pickle tries to unpack anything even
resembling code or an object.

I did this in preference to using the reputable 'bencode' module from
BitTorrent, because bencode doesn't support floats.

My question - have I done enough, or are there still ways where my hobbled
unpickler could be subverted by a malformed cookie?

Cheers
David