Safe Pickling

Paul Rubin http
Sat May 24 18:25:09 EDT 2003


Heiko Wundram <heiko at ph0enix.homelinux.org> writes:
> <quote>
> Warning: The marshal module is not intended to be secure against
> erroneous or maliciously constructed data. Never unmarshal data received
> from an untrusted or unauthenticated source.
> </quote>

I've examined the marshal source code from Python 2.2 (or was it 2.1)
and didn't see any obvious ways that merely unmarshalling malicious
data could hurt you.  The danger is in what you DO with the data once
you've unmarshalled it.  I.e., the marshalled data could contain nasty
compiled bytecode that will clobber you if you run it.  But the
unmarshaller itself doesn't run the code.  You're left with the
responsibility of checking the stuff that comes back from the
unmarshaller and making sure it only contains what you expect.

There is, of course, a danger that some future version of the
unmarshaller could actually run the nasty code, or use a data format
incompatible with the current versions, so that two network peers
running different versions of Python couldn't interoperate via
marshalled objects.  It's also possible that I missed something when I
checked the 2.2 sources.  But the unmarshal code is much simpler than
the unpickle code and has fewer places to go wrong.
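
The check described above, validating what comes back from the unmarshaller before using it, as an added example in Python 3 that is not part of the original post. The names `check_plain`, `load_plain` and `UnexpectedPayload`, the type allow-list and the size limits are assumptions chosen for illustration.

```python
import marshal

# Assumption: the peer is only ever supposed to send plain data.
ALLOWED_SCALARS = (type(None), bool, int, float, str, bytes)
MAX_DEPTH = 16       # constructed limits; tune per protocol
MAX_ITEMS = 10_000


class UnexpectedPayload(ValueError):
    """The unmarshalled object contains something we did not expect."""


def check_plain(obj, depth=0, budget=None):
    """Walk an unmarshalled object; raise unless it is plain data only."""
    budget = [MAX_ITEMS] if budget is None else budget
    budget[0] -= 1
    if budget[0] < 0 or depth > MAX_DEPTH:
        raise UnexpectedPayload("payload too large or too deeply nested")
    kind = type(obj)  # exact type match: subclasses are not accepted
    if kind in ALLOWED_SCALARS:
        return obj
    if kind in (list, tuple):
        for item in obj:
            check_plain(item, depth + 1, budget)
        return obj
    if kind is dict:
        for key, value in obj.items():
            if type(key) not in (str, int):
                raise UnexpectedPayload("bad key type: " + type(key).__name__)
            check_plain(value, depth + 1, budget)
        return obj
    # Code objects, sets, complex numbers, etc. all end up here.
    raise UnexpectedPayload("disallowed type: " + kind.__name__)


def load_plain(data):
    """Unmarshal bytes, then refuse anything that is not plain data."""
    try:
        obj = marshal.loads(data)  # builds objects; runs no code object
    except (ValueError, EOFError, TypeError) as exc:
        raise UnexpectedPayload("malformed marshal data") from exc
    return check_plain(obj)


if __name__ == "__main__":
    # Constructed sample: a payload that smuggles in compiled bytecode.
    code = compile("x = 1", "<constructed>", "exec")
    print(load_plain(marshal.dumps({"user": "alice", "ids": [1, 2]})))
    load_plain(marshal.dumps({"payload": code}))  # raises UnexpectedPayload
```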



