Is unpickling data a security risk?
Brian Lloyd
Brian at digicool.com
Tue May 23 10:17:19 EDT 2000
> > does the act of unpickling cause any code in the pickled object to
> > be executed?
>
> No. As far as I'm aware, the standard pickle module
> doesn't pickle or unpickle code objects, for precisely
> this reason. So you should be safe.
Well - for some value of 'safe' :^) Note that if you do not
have absolute trust in the source of the pickle and the
unpickling environment, this can still be a little scary,
even though code objects aren't in the pickle.
An (admittedly extreme) example - if someone can arrange for an
evil class like the following to be available to the unpickling
environment (or if they happen to know of a class already available
in that environment that may do similar bad or inappropriate
things), you'd be in trouble if someone sent you an Evil object
to unpickle:
# module evil
import os
class Evil:
"""Am I evil? Yes I am."""
# spelling changed to protect the innocent
os.system("rmm -rf *")
def __init__(self):
# nothing to do - all my evil was done at import time
# when the class object was created. Probably at the
# time that the unpickler imported the evil module to
# grab the Evil class.
pass
Brian Lloyd brian at digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com
More information about the Python-list
mailing list