Developing a network protocol with Python

Paul Rubin http
Wed Dec 14 14:12:56 CET 2005

Laszlo Zsolt Nagy <gandalf at> writes:
> But how can I transfer pure python objects otherwise? Pyro also uses
> Pickle and it also transfers bytecode.

Pyro in the past used pickle in an insecure way.  I'd heard it had
been fixed and I didn't realize it still uses pickle.

> I read somewhere that Pickle had a security problem before Python 2.2,
> but after 2.2 it has been solved.

If you use pickle in the obvious way, it's definitely still insecure.
There is some info in the docs about how to use some special pickle
features to protect yourself from the insecurity, but you have to go
out of your way for that.  I'm skeptical that they really protect you
in all cases, so I'd avoid unpickling any untrusted data.  But I don't
know a specific exploit

> BTW how CORBA or COM does this? They can do object marshaling safely.

I think they don't let you marshal arbitrary class instances and have
the class constructors called as part of demarshalling (COM anyway, I
don't know about CORBA).

>  Can we do the same with Python?

Yes, of course, it's possible in principle, but pickle doesn't do it
that way.

See SF RFE #467384 and bug #471893 for some more discussion of this.
Basically I think these issues are better understood now than they
were a few years ago.

> Isn't it enough to implement find_global of a cPickler ?

I can't definitely say the answer is no but I feel quite paranoid
about it.  The cPickle code needs careful review which I don't think
it's gotten.  It was not written with security in mind, though some
security hacks were added as afterthoughts.  I continue to believe
that Python should have a deserializer designed to be absolutely
bulletproof no matter what anyone throws at it, and it doesn't
currently have one.  I've gotten by with limited, ad hoc wire formats
for the applications where I've needed them.

More information about the Python-list mailing list