marshal vs pickle
Aaron Watters
aaron.watters at gmail.com
Fri Nov 2 09:04:04 EDT 2007
On Nov 1, 11:42 pm, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
> Aaron Watters <aaron.watt... at gmail.com> writes:
> > > >>> marshal.loads('RKp,U\xf7`\xef\xe77\xc1\xea\xd8\xec\xbe\\')
> > > Segmentation fault
> > >...
> > I'll grant you the above as a denial of service attack. ...
> > Can you give me an example
> > where someone can erase the filesystem using marshal.load?
>
> You should always assume that if an attacker can induce a memory fault
> (typically through a buffer overflow) then s/he can inject and run
> arbitrary machine code ...
Yes yes yes, but this takes an extraordinary amount of skill
and criminal malice. With pickle an innocent person
on another continent could potentially delete all the files
on your computer by accident.
In summary my view is this.
- pickle is way too complicated and not worth the
extra overhead and danger in most cases.
- marshal is an excellent tool for getting
large amounts of data in and out of Python that
can be much faster than pickle and is always
much less dangerous than pickle. I think it's safe
enough for most RPC uses, for example.
- It's a damn shame that the Python developers
can't be bothered to make marshal portable across
platforms and versions. It's a silly mistake.
Sorry for all the fuss.
-- Aaron Watters
===
http://www.xfeedme.com/nucular/pydistro.py/go?FREETEXT=limiting+perl
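The distinction the thread argues over (a marshal crash versus a pickle that runs code on load) can be shown directly. The block below is an added example, not code from the thread or from the Python project: it builds a protocol-0 pickle by hand that calls builtins.eval at load time, shows the allowlisting find_class pattern from the pickle documentation stopping it, and shows that marshal round-trips plain data but refuses to serialize a callable at all. The payload bytes, the allowlist contents and the sample data are constructed for this example; the malformed marshal bytes are not the ones from the original post.

```python
import io
import marshal
import pickle

# Constructed payload (added example): a protocol-0 pickle stream. Opcode by opcode:
#   c builtins\neval\n  -> GLOBAL: import builtins and push builtins.eval
#   (                  -> MARK
#   S'2+2'\n           -> STRING '2+2'
#   t                  -> TUPLE: ('2+2',)
#   R                  -> REDUCE: call eval('2+2') during unpickling
#   .                  -> STOP
# Any importable callable could stand in for eval; os.system is the classic choice.
MALICIOUS_PICKLE = b"cbuiltins\neval\n(S'2+2'\ntR."


def unsafe_load(data: bytes):
    """Plain pickle.loads: resolves and calls whatever global the stream names."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlisting unpickler (pattern from the pickle module docs).

    find_class is the only hook through which a stream can reach a Python
    object by name, so denying everything outside the allowlist blocks
    GLOBAL/STACK_GLOBAL lookups such as builtins.eval or os.system.
    The allowlist below is an example assumption, not a recommendation.
    """

    ALLOWED = {
        ("builtins", "set"),
        ("builtins", "frozenset"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_load(data: bytes):
    """Unpickle with the allowlist; containers and scalars need no globals."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_load_blocks(data: bytes) -> bool:
    """True if the allowlist rejects the stream instead of executing it."""
    try:
        restricted_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def marshal_roundtrip(obj):
    """marshal handles plain data (ints, str, bytes, tuples, lists, dicts, sets)."""
    return marshal.loads(marshal.dumps(obj))


def marshal_rejects_callables() -> bool:
    """marshal has no way to name a function, so it cannot even serialize one."""
    try:
        marshal.dumps(len)
    except ValueError:  # "unmarshallable object"
        return True
    return False


def marshal_rejects_garbage(data: bytes) -> bool:
    """Malformed input normally raises rather than crashing; the post shows
    that 'normally' is not 'always' (a segfault in an older interpreter)."""
    try:
        marshal.loads(data)
    except (ValueError, EOFError):
        return True
    return False


if __name__ == "__main__":
    print("pickle.loads ran eval:", unsafe_load(MALICIOUS_PICKLE))
    print("allowlist blocked it:", restricted_load_blocks(MALICIOUS_PICKLE))
    print("allowlist still loads data:",
          restricted_load(pickle.dumps({"a": [1, 2, (3, 4)]})))
    print("marshal round trip:", marshal_roundtrip({"k": (1, "two", b"3")}))
    print("marshal refuses len():", marshal_rejects_callables())
    print("marshal rejects garbage:", marshal_rejects_garbage(b"\xff\xff"))
    print("marshal format version:", marshal.version)
```

Two caveats the thread touches on are worth keeping in mind when reading the output. First, marshal can serialize code objects (that is what .pyc files are), so marshal.loads of attacker data can hand you a code object; it does not execute it, but any exec() on the result would. Second, marshal.version is exactly the portability problem the post complains about: the byte format is tied to the interpreter version, so it is a cache or local-RPC format, not an interchange format.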