
Author lemburg
Recipients belopolsky, exarkun, lemburg
Date 2010-08-02.12:12:41
Message-id <4C56B638.3050708@egenix.com>
In-reply-to <1280750498.75.0.275749340684.issue9276@psf.upfronthosting.co.za>
Content
Jean-Paul Calderone wrote:
> 
> Jean-Paul Calderone <exarkun@twistedmatrix.com> added the comment:
> 
>> This is a security feature and should not be broken !
> 
> Can you explain this?
> 
> I don't think I agree, since an attacker can always serialize whatever they feel like.  It's the person doing the deserialization that has to be careful.

The marshal protocol which is used for storing PYC files has support
for serializing code objects.

The support on pickles, which are meant for data serialization, was not added
by default to prevent unwanted code execution during deserialization,
but instead made possible via pickle hooks, so as to make the decision
to support code serialization an explicit application choice.

By adding default support for unpickling code objects, you can trick
the unpickling code into executing serialized code: first you add
a serialized version of a malicious class definition, then you add
an object of that class to the pickle. At object restore time, the
malicious class can then run os.system('rm -rf /')...
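Added example, not code from this thread or from CPython: the pickle hook the message refers to, shown from the defending side. `find_class` is the hook an application overrides to decide which globals a pickle may resolve; the allow-list, `Point` and `CallsCallable` are constructed for illustration, with `os.getcwd` standing in for the harmful callable a hostile pickle would name.

```python
import io
import os
import pickle

# Constructed for this example: a plain data class the application
# legitimately wants to exchange via pickle.
class Point:
    def __init__(self, x, y):
        self.x, self.y = x, y

# Constructed for this example: the hazard the message describes. Unpickling
# calls whatever callable the stream names; __reduce__ makes this pickle
# reference os.getcwd (a harmless stand-in) and call it on load.
class CallsCallable:
    def __reduce__(self):
        return (os.getcwd, ())

# Explicit application choice: only these (module, name) globals may be
# resolved while unpickling. Everything else is refused.
ALLOWED = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    (__name__, "Point"),
}

class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class hook only resolves allow-listed globals."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def demo():
    """Return (plain_loads_ran_callable, restricted_rejected, point_ok)."""
    hostile = pickle.dumps(CallsCallable())
    benign = pickle.dumps(Point(1, 2))
    # Plain pickle.loads resolves and calls os.getcwd: a str comes back.
    ran = isinstance(pickle.loads(hostile), str)
    try:
        restricted_loads(hostile)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    p = restricted_loads(benign)
    return ran, rejected, (p.x, p.y) == (1, 2)
```

`demo()` returns `(True, True, True)`: plain `pickle.loads` ran the referenced callable, the restricted unpickler refused it, and the allow-listed data class still round-trips.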