is there a safe marshaler?
cmkl
cmkleffner at gmx.de
Fri Feb 11 09:34:07 EST 2005
Irmen de Jong <irmen.NOSPAM at xs4all.nl> wrote in message news:<420b9135$0$28982$e4fe514c at news.xs4all.nl>...
> Pierre Barbier de Reuille wrote:
> > Irmen de Jong a écrit :
> >
> >> Pickle and marshal are not safe. They can do harmful
> >> things if fed maliciously constructed data.
> >> That is a pity, because marshal is fast.
> >> I need a fast and safe (secure) marshaler.
> >> Is xdrlib the only option?
> >> I would expect that it is fast and safe because
> >> it (the xdr spec) has been around for so long.
> >>
> >> Or are there better options (perhaps 3rd party libraries)?
> >>
> >> Thanks
> >>
> >> Irmen.
> >
> >
> > What exactly do you mean by "safe" ? Do you want to ensure your objects
> > cannot receive corrupted data ? Do you want to ensure no code will be
> > evaluated during the unmarshalling ?
>
> "safe (secure)"
> But to be more precise, let's look at the security warning that
> is in the marshal documentation:
> "The marshal module is not intended to be secure against erroneous or
> maliciously constructed data. Never unmarshal data received from an
> untrusted or unauthenticated source."
>
> So essentially I want the opposite of that ;-)
>
> I want a marshalar that is okay to use where the data it processes
> comes from unknown, external sources (untrusted). It should not crash
> on corrupt data and it should not execute arbitrary code when
> unmarshaling, so that it is safe against hacking attempts.
>
> Oh, preferrably, it should be fast :)
> Some XML-ish thing may be secure but is likely to be not fast at all.
>
> Ideally it should be able to transfer user defined Python types,
> but if it is like marshal (can only marshal builtin types) that's
> okay too.
>
> --Irmen
I'm just curious,
but can't effbot's fast cElementree be used for PYROs XML_PICKLE
and would it be safe and fast enough?
Carl
More information about the Python-list
mailing list