marshal vs pickle

Jean-Paul Calderone exarkun at
Thu Nov 1 21:59:26 CET 2007

On Thu, 01 Nov 2007 20:35:15 -0000, Aaron Watters <aaron.watters at> wrote:
>On Nov 1, 2:15 pm, Raymond Hettinger <pyt... at> wrote:
>> On Nov 1, 4:45 am, Aaron Watters <aaron.watt... at> wrote:
>> > Marshal is more secure than pickle
>> "More" or "less" make little sense in a security context which
>> typically is an all or nothing affair.  Neither module is designed for
>> security.  From the docs for marshal:
>> '''
>> Warning: The marshal module is not intended to be secure against
>> erroneous or maliciously constructed data. Never unmarshal data
>> received from an untrusted or unauthenticated source.
>> '''
>> If security is a focus, then use xmlrpc or some other tool that
>> doesn't construct arbitrary code objects.
>I disagree.  Xmlrpc is insecure if you compile
>and execute  one of the strings
>you get from it.  Marshal is similarly insecure if you evaluate a code
>object it hands you.  If you aren't that dumb, then neither one
>is a problem.  As far as I'm concerned marshal.load is not any
>more insecure than

You're mistaken.

  $ python
  Python 2.4.3 (#2, Oct  6 2006, 07:52:30)
  [GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import marshal
  >>> marshal.loads('RKp,U\xf7`\xef\xe77\xc1\xea\xd8\xec\xbe\\')
  Segmentation fault

Plenty of other nasty stuff can happen when you call marshal.loads, too.


More information about the Python-list mailing list