[Python-Dev] Cookie.py security
Fredrik Lundh
Fredrik Lundh" <effbot@telia.com
Thu, 31 Aug 2000 08:41:20 +0200
jeremy wrote:
> I would guess that pickle makes attacks easier: It has more features,
> e.g. creating instances of arbitrary classes (provided that the attacker
> knows what classes are available).
well, if not else, he's got the whole standard library to
play with...
:::
(I haven't looked at the cookie code, so I don't really know
what I'm talking about here)
cannot you force the user to pass in a list of valid classes to
the cookie constructor, and use a subclass of pickle.Unpickler
to get a little more control over what's imported:
class myUnpickler(Unpicker):
def __init__(self, data, classes):
self.__classes = classes
Unpickler.__init__(self, StringIO.StringIO(data))
def find_class(self, module, name):
for cls in self.__classes__:
if cls.__module__ == module and cls.__name__ == name:
return cls
raise SystemError, "failed to import class"
> But neither marshal nor pickle is safe. It is possible to cause a
> core dump by passing marshal invalid data. It may also be possible to
> launch a stack overflow attack -- not sure.
</F>