is there a safe marshaler?

guido@python.org gvanrossum at gmail.com
Thu Feb 10 11:10:28 EST 2005


Irmen de Jong wrote:
> Pickle and marshal are not safe. They can do harmful
> things if fed maliciously constructed data.
> That is a pity, because marshal is fast.

I think marshal could be fixed; the only unsafety I'm aware of is that
it doesn't always act rationally when confronted with incorrect input
like bad type codes or truncated input. It only receives instances of
the built-in types and it never executes user code as a result of
unmarshalling.

Perhaps someone would be interested in submitting a patch to the
unmarshalling code? Since this is a security fix we'd even accept a fix
for 2.3.

> I need a fast and safe (secure) marshaler.
> Is xdrlib the only option?
> I would expect that it is fast and safe because
> it (the xdr spec) has been around for so long.

I don't expect that to be particularly fast, since it mostly operates
at Python speed.  I think it could be safe but I would still do a
thorough code review if I were you -- the code is older than my
awareness of the vulnerabilities inherent in this kind of remote data
transfer.

--Guido
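
The following is an added example, not part of the original message and not CPython's marshal code: a decoder for a small constructed tagged format that fails cleanly on the two inputs the reply names, bad type codes and truncated input. The format, the `DecodeError` and `loads` names, and the two limits are assumptions made for illustration.

```python
import struct

class DecodeError(ValueError):
    """The only exception the decoder raises for malformed input."""

MAX_DEPTH = 32      # assumed limit: bounds recursion on nested lists
MAX_LEN = 1 << 20   # assumed limit on any declared length or count

def loads(data: bytes):
    """Decode one value from a constructed format (not marshal's own):
    b'N' None, b'i' int32 LE, b's' u32 length + bytes, b'[' u32 count + items."""
    value, pos = _read(memoryview(data), 0, 0)
    if pos != len(data):
        raise DecodeError("trailing bytes after value")
    return value

def _take(buf, pos, n):
    # Every read goes through here, so truncated input is always detected.
    if n > len(buf) - pos:
        raise DecodeError(f"truncated input at offset {pos}")
    return buf[pos:pos + n], pos + n

def _u32(buf, pos):
    raw, pos = _take(buf, pos, 4)
    n = struct.unpack("<I", raw)[0]
    if n > MAX_LEN:
        raise DecodeError(f"declared length {n} exceeds limit")
    return n, pos

def _read(buf, pos, depth):
    if depth > MAX_DEPTH:
        raise DecodeError("nesting too deep")
    code, pos = _take(buf, pos, 1)
    code = bytes(code)
    if code == b"N":
        return None, pos
    if code == b"i":
        raw, pos = _take(buf, pos, 4)
        return struct.unpack("<i", raw)[0], pos
    if code == b"s":
        n, pos = _u32(buf, pos)
        raw, pos = _take(buf, pos, n)
        return bytes(raw), pos
    if code == b"[":
        n, pos = _u32(buf, pos)
        items = []
        for _ in range(n):  # each item consumes input, so a lying count hits _take
            item, pos = _read(buf, pos, depth + 1)
            items.append(item)
        return items, pos
    raise DecodeError(f"bad type code {code!r} at offset {pos - 1}")
```

Only built-in types are ever constructed, and every malformed input ends in `DecodeError` rather than an out-of-bounds read or unbounded recursion.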



