marshal vs pickle

Aaron Watters aaron.watters at gmail.com
Thu Nov 1 22:15:06 CET 2007


On Nov 1, 4:59 pm, Jean-Paul Calderone <exar... at divmod.com> wrote:
> On Thu, 01 Nov 2007 20:35:15 -0000, Aaron Watters <aaron.watt... at gmail.com> wrote:
> >On Nov 1, 2:15 pm, Raymond Hettinger <pyt... at rcn.com> wrote:
> >> On Nov 1, 4:45 am, Aaron Watters <aaron.watt... at gmail.com> wrote:
>
> >> > Marshal is more secure than pickle
>
> >> "More" or "less" make little sense in a security context which
> >> typically is an all or nothing affair.  Neither module is designed for
> >> security.  From the docs for marshal:
>
> >> '''
> >> Warning: The marshal module is not intended to be secure against
> >> erroneous or maliciously constructed data. Never unmarshal data
> >> received from an untrusted or unauthenticated source.
> >> '''
>
> >> If security is a focus, then use xmlrpc or some other tool that
> >> doesn't construct arbitrary code objects.
>
> >I disagree.  Xmlrpc is insecure if you compile
> >and execute  one of the strings
> >you get from it.  Marshal is similarly insecure if you evaluate a code
> >object it hands you.  If you aren't that dumb, then neither one
> >is a problem.  As far as I'm concerned marshal.load is not any
> >more insecure than file.read.
>
> You're mistaken.
>
>   $ python
>   Python 2.4.3 (#2, Oct  6 2006, 07:52:30)
>   [GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
>   Type "help", "copyright", "credits" or "license" for more information.
>   >>> import marshal
>   >>> marshal.loads('RKp,U\xf7`\xef\xe77\xc1\xea\xd8\xec\xbe\\')
>   Segmentation fault
>
> Plenty of other nasty stuff can happen when you call marshal.loads, too.

I'll grant you the above as a denial of service attack.  You are right
that I was mistaken in that sense.  (btw, it doesn't core dump for
2.5.1)

That is/was a bug in marshal.  Someone should fix it.  Properly
implemented,
marshal is not fundamentally insecure.  Can you give me an example
where someone can erase the filesystem using marshal.load?  I saw one
for pickle.load once.

  -- Aaron Watters

===
http://www.xfeedme.com/nucular/pydistro.py/go?FREETEXT=chocolate




More information about the Python-list mailing list