[Python-ideas] An official complaint regarding the marshal and pickle documentation

Arne Babenhauserheide arne_bab at web.de
Wed Mar 5 20:46:37 CET 2008


I'd also agree that the warning should be really prominent (especially since 
I just saw someone saying "for game states: Just pickle them", which could 
result in people getting problems when they get a mail saying "hey, look, I 
got to the 14th level"), but I don't think the warning was irresponsibly 
small. 

At least I saw it when I began to learn Python (but I had forgotten it until 
now). 

Maybe it could be replaced by yaml at some point, though, which offers a mode 
that doesn't execute everything (safe_load): 

http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML

"safe_load(stream) parses the given stream and returns a Python object 
constructed from for the first document in the stream. If there are no 
documents in the stream, it returns None. safe_load recognizes only standard 
YAML tags and cannot construct an arbitrary Python object."

And there's also a C implementation: http://pyyaml.org/browser/libyaml/trunk
Which can be relicensed under the Python License: 
http://pyyaml.org/browser/libyaml/trunk/LICENSE

Or pickle could get a safe_load function itself (if it doesn't yet have it). 

Best wishes, 
Arne


On Wednesday, 5 March 2008 18:36:56 Guido van Rossum wrote:
> I'm assuming that someone confronted you with this security issue
> somehow? Otherwise I don't understand why you'd be so upset about it.
>
> BTW the warning for marshal is legit -- the C code that unpacks
> marshal data has not been carefully analyzed against buffer overflows
> and so on. Remember the first time someone broke into a system through
> a malicious JPEG? The same could happen with marshal. Seriously.
>
> I agree that the pickle module's warning needs to be moved to a more
> prominent place (Georg has probably already done this by the time I'm
> finished typing this message :-). But I see no reason to get so upset
> about it as to use all caps.
>
> --Guido
>
> On Wed, Mar 5, 2008 at 8:11 AM, Aaron Watters <aaron.watters at gmail.com> wrote:
> > In response to Oleg and George.
> >
> > Yes apparently there is an acknowledgement in some subordinate page
> > somewhere that there might be some problem with security and pickle. 
> > This should be on the first page in bold face like the unneeded one for
> > marshal. I missed it just now because I just looked at the first page for
> > marshal and pickle, like most people probably would, sorry.
> >
> > Also this line from the marshal doc has got to go:
> >
> > "For general persistence and transfer of Python objects through RPC
> > calls, see the modules pickle and shelve. "
> > http://docs.python.org/lib/module-marshal.html
> >
> > which should read
> > "For RPC calls never use pickle."
> >
> > And the security warning for marshal beneath it should be removed because
> > it is nonsense.
> >
> > The implication of the current documentation is that most of my public
> > projects contain serious security holes when they don't.
> >  And if you don't read the documentation carefully (like the implementers
> > of Plone apparently didn't) the docs seem to suggest
> > that pickle is somehow "safer" when it is about as unsafe as it could be.
> >
> > -- Aaron Watters



-- 
To be unpolitical
means to be political
without noticing it. 
- Arne Babenhauserheide ( http://draketo.de )
-- Weblog: http://blog.draketo.de

-- My public key (PGP/GnuPG): 
http://draketo.de/inhalt/ich/pubkey.txt
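
The message above wonders whether pickle could get a safe_load of its own. The following is an added example, not part of the original message or of the pickle module: a hypothetical `safe_loads` built on `pickle.Unpickler.find_class` that accepts only plain data, run against a constructed game-state save and a constructed save that requests a function call (the harmless built-in `len`).

```python
import io
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class or function lookup.

    dict, list, tuple, str, bytes, int, float, bool and None have their
    own opcodes and never reach find_class, so plain data still loads.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"global {module}.{name} is not allowed in untrusted data")


def safe_loads(data: bytes):
    """Hypothetical 'safe_load' for pickle: plain data only."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


class _CallsOnLoad:
    """Constructed sample: loading this object makes pickle call a function.
    The callable chosen here is the harmless built-in len()."""

    def __reduce__(self):
        return (len, ("level14",))


def demo():
    # Constructed game-state saves: one plain, one that embeds a call.
    plain = pickle.dumps({"player": "arne", "level": 14, "items": ["key"]})
    crafted = pickle.dumps({"level": _CallsOnLoad()})

    results = {"plain": safe_loads(plain)}
    # pickle.loads performs the embedded call while loading: len("level14")
    results["unsafe"] = pickle.loads(crafted)
    try:
        safe_loads(crafted)
        results["blocked"] = None
    except pickle.UnpicklingError as exc:
        results["blocked"] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Rejecting globals stops the load from calling anything, but it does not bound the memory or CPU a crafted stream can consume.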