secure unpickle?
John J. Lee
jjl at pobox.com
Mon Jan 19 16:09:45 EST 2004
"Tim Peters" <tim.one at comcast.net> writes:
> [Gandalf]
> > ...
> >> I'm using this module (based on the documentation you mentioned):
> >> ...
>
> [John J. Lee]
> > What does this have to do with the question? He was worried about
> > security of pickle, not asking how to call dumps() and loads().
>
> Look at Gandalf's code again. The pickler is unremarkable, but the
> unpickler contains the assignment:
>
> p.find_global = None
>
> As his loads docstring said, "this function will not unpickle globals and
> instances" as a result.
Aha.
I see from past messages that this is thought to solve the security
problems (for this restricted case), at least by Martin v. Loewis, but
also that Paul Rubin believes a careful audit would be required to
have confidence in it (whether that's FUD, as Martin accuses, or
sensible caution, I have no idea...).
http://www.google.com/groups?threadm=mailman.1012591743.10841.python-list%40python.org
John
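The setting discussed above, `p.find_global = None`, belongs to the old cPickle API. In Python 3 the equivalent hook is `Unpickler.find_class`, which the GLOBAL/STACK_GLOBAL opcodes call to resolve every dotted name; the pickle documentation's "Restricting Globals" section recommends overriding it. The following is an added example, not code from the thread or from any of its authors: it builds an unpickler that refuses all global references, plus a static opcode scan that flags streams containing a global lookup before they are loaded. The class name `NoGlobalsUnpickler`, the helper functions and the sample streams are all constructed for this illustration.

```python
import io
import pickle
import pickletools


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global/class reference.

    This is the Python 3 counterpart of the ``find_global = None``
    setting discussed in the thread: find_class is the only place a
    dotted name in the stream is turned into a Python object, so
    raising here means no class or callable can be reconstructed.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"global reference {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Load a pickle that may contain only plain data (no globals)."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def try_restricted_loads(data: bytes):
    """Return (True, value) on success or (False, reason) when refused."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Opcodes that perform a module.name lookup while unpickling.
GLOBAL_LOOKUP_OPCODES = frozenset({"GLOBAL", "STACK_GLOBAL", "INST"})


def references_globals(data: bytes) -> bool:
    """Static check: does the stream contain any global-lookup opcode?

    pickletools.genops disassembles without executing, so this can be
    run on untrusted input before deciding whether to load it at all.
    """
    return any(op.name in GLOBAL_LOOKUP_OPCODES
               for op, _arg, _pos in pickletools.genops(data))


class Point:
    """Hypothetical user class; pickling an instance emits a global
    reference to this class, which the restricted unpickler rejects."""

    def __init__(self, x, y):
        self.x, self.y = x, y


def sample_streams() -> dict:
    """Constructed sample inputs: one pure-data pickle and two that
    carry a global reference (a builtin and a user-defined class)."""
    return {
        "plain": pickle.dumps({"a": [1, 2.5, "x"], "b": (None, True)}),
        "builtin": pickle.dumps(len),
        "instance": pickle.dumps(Point(1, 2)),
    }


if __name__ == "__main__":
    for label, stream in sample_streams().items():
        print(label, "has globals:", references_globals(stream),
              "->", try_restricted_loads(stream))
```

The static scan and the restricted unpickler are complementary: the scan lets you reject a stream without ever feeding it to the pickle VM, while the `find_class` override is the enforcement point if loading does proceed. Note that this only blocks global lookups; the rest of the unpickler still runs, which is the part Paul Rubin's audit remark is about.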