is there a safe marshaler?
Irmen de Jong
irmen.NOSPAM at xs4all.nl
Thu Feb 10 11:52:04 EST 2005
Pierre Barbier de Reuille wrote:
> Irmen de Jong a écrit :
>
>> Pickle and marshal are not safe. They can do harmful
>> things if fed maliciously constructed data.
>> That is a pity, because marshal is fast.
>> I need a fast and safe (secure) marshaler.
>> Is xdrlib the only option?
>> I would expect that it is fast and safe because
>> it (the xdr spec) has been around for so long.
>>
>> Or are there better options (perhaps 3rd party libraries)?
>>
>> Thanks
>>
>> Irmen.
>
>
> What exactly do you mean by "safe" ? Do you want to ensure your objects
> cannot receive corrupted data ? Do you want to ensure no code will be
> evaluated during the unmarshalling ?
"safe (secure)"
But to be more precise, let's look at the security warning that
is in the marshal documentation:
"The marshal module is not intended to be secure against erroneous or
maliciously constructed data. Never unmarshal data received from an
untrusted or unauthenticated source."
So essentially I want the opposite of that ;-)
I want a marshalar that is okay to use where the data it processes
comes from unknown, external sources (untrusted). It should not crash
on corrupt data and it should not execute arbitrary code when
unmarshaling, so that it is safe against hacking attempts.
Oh, preferrably, it should be fast :)
Some XML-ish thing may be secure but is likely to be not fast at all.
Ideally it should be able to transfer user defined Python types,
but if it is like marshal (can only marshal builtin types) that's
okay too.
--Irmen
More information about the Python-list
mailing list