pickle security

[Paul Rubin]

Martin von Loewis <loewis at informatik.hu-berlin.de> writes:
> Apart from feeling uncomfortable, can you point to a real
> counter-example? The code to deal with quoted strings is designed to
> check that there it is nothing but a quoted string.

The code to deal with quote strings calls eval, and without actually
examining the eval implementation (big, complicated) there's no way to
confirm that it can't somehow run arbitrary code found in the string.

> So, apart from setting find_global, I don't think there are any
> further issues to be aware of.

One remaining issue is that the string is handed off to a very
complicated and flexible piece of code (the evaluator) that an
attacker might exploit somehow.  We shouldn't assume the absence of
exploits just because the exploits aren't immediately there to be
seen.  Microsoft does that and that's why we keep hearing about new
exploits being discovered in Microsoft products.  The code has to be
checked thoroughly, which is easier to do when the code is simple.

There's a big difference between ordinary good programming
(programming to avoid leaving bugs that can make the program fail by
accident or error) and writing secure programs (programming to thwart
malicious, intelligent, persistent attackers deliberately trying to
make the program fail and are willing to spend more effort analyzing
and attacking the program than the programmer spent writing it).

Writing secure programs (programs intended to be exploit-free even
when operated by hostile entities) is extremely difficult and has to
be done very carefully, thinking about security every step of the way.
Most programs including Python weren't written that way.  Therefore,
any interface between Python and potential attackers--that includes
stuff like the socket libraries and also turns out to include the
pickle module--should very thoroughly isolate the main Python
interpreter from potentially hostile data til the data has been
examined.  If you use Perl's taint-checking feature for a while you'll
see how easy it is to overlook stuff--it often catches things that I
miss.  I wish Python had a similar feature.  In any case, I wish the
pickle module didn't call eval for something as simple as handling
quoted strings.

You might read the book "Security Engineering", by Ross Anderson, to
get an idea of what you're up against when trying to program a secure
system.