Pickled objects over the network

Hendrik van Rooyen mail at microcorp.co.za
Tue Jul 24 02:59:27 EDT 2007 

"Steve Holden"  wrote:

> It's difficult to establish, and then correctly implement, almost any
> security protocol without leaving cracks that attackers can lever open
> and use to inject code into your process's memory space.

I can accept this - its difficult enough to write a receiver that syncs up
and produces correctly that which was transmitted for all concievable
input, without even worrying about evil input - so a string can contain code,
and there is not a hell of a lot that you can do about it on the receiving side,
when all the rest of the framing and error checking is correctly presented.

It seems to me that the threat is not so much having evil code lying
around in the machine's memory, but the mechanism for actually
executing it.  - If you think about it, your PC's memory normally has a
lot of stuff in it that is ultra poisonous if it were to be executed - any
data table or image would soon crash if executed as code.

So it seems to me that to be safe, you can only transfer highly structured
data, and not live objects, as objects tend to get control at some stage...

>
> By all means go ahead and hack on pickle to do what you want to. Just
> don't claim your solution is secure without a thorough review.
>

I am not the OP, and I have had a (very) brief look at the code in the
pickle module - and when I saw it was still using marshal, I did not follow
through. - but from what I can understand of it, the whole functionality
would probably have to be crippled to the point of just transferring
very simple structures to make it secure. - it seems to be a mini stack
based language, driven by its input.

So after all this hoo haw - I find myself kind of agreeing with Steve Holden. -
a secure pickle is not the way to go.

Damn!   : - )

But more seriously - is there any need for a simple serialiser that will
be able to be used to transfer a subset of the built in types over an
open network in a safe manner, for the transfer of things like lists of
parameters?

Or am I the only person in the squad that hears this particular drum?

- Hendrik

More information about the Python-list mailing list