Message112450
Jean-Paul Calderone wrote:
>
> Jean-Paul Calderone <exarkun@twistedmatrix.com> added the comment:
>
>> This is a security feature and should not be broken !
>
> Can you explain this?
>
> I don't think I agree, since an attacker can always serialize whatever they feel like. It's the person doing the deserialization that has to be careful.
The marshal protocol which is used for storing PYC files has support
for serializing code objects.
Support for this in pickles, which are meant for data serialization, was not added
by default to prevent unwanted code execution during deserialization,
but instead made possible via pickle hooks, so as to make the decision
to support code serialization an explicit application choice.
By adding default support for unpickling code objects, you can trick
the unpickling code into executing serialized code: first you add
a serialized version of a malicious class definition, then you add
an object of that class to the pickle. At object restore time, the
malicious class can then run os.system('rm -rf /')...
Date                | User    | Action | Args
2010-08-02 12:12:43 | lemburg | set    | recipients: + lemburg, exarkun, belopolsky
2010-08-02 12:12:42 | lemburg | link   | issue9276 messages
2010-08-02 12:12:41 | lemburg | create |
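The two points made in this thread, that pickle has no default reducer for code objects and that safety rests with whoever deserializes, can be checked directly. The following is an added example, not code from the issue or from CPython: it confirms that pickle.dumps refuses a code object, and shows the deserializer-side control the thread alludes to, a pickle.Unpickler subclass whose find_class only resolves globals on an explicit allow list (SAFE_GLOBALS is an assumed, constructed list).

```python
import io
import json
import pickle

# Constructed allow list of (module, name) pairs this application is
# prepared to reconstruct. A real deployment lists its own data classes.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


def code_objects_are_rejected_by_default() -> bool:
    """pickle has no default reducer for code objects: dumps raises TypeError."""
    code = compile("1 + 1", "<constructed>", "eval")
    try:
        pickle.dumps(code)
    except TypeError:
        return True
    return False


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves GLOBAL/STACK_GLOBAL records only from an allow list.

    find_class is consulted for every global the stream references, so a
    class or callable that is not listed is refused before it can be built
    or invoked by a later REDUCE/BUILD opcode.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads backed by RestrictedUnpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def foreign_global_is_blocked() -> bool:
    """A stream referencing a callable outside the allow list is refused.

    json.dumps is used as a harmless stand-in: pickle.dumps records it as a
    global reference, which plain pickle.loads would resolve without question.
    """
    data = pickle.dumps(json.dumps)  # constructed stream with one global record
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False
```

Plain containers and scalars never touch find_class, so ordinary data pickles still round-trip through restricted_loads unchanged.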