[Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages)
Glyph Lefkowitz
glyph at twistedmatrix.com
Thu Nov 4 21:25:47 CET 2010
On Nov 4, 2010, at 12:49 PM, Guido van Rossum wrote:
> What's the attack you're thinking of on marshal? It never executes any
> code while unmarshalling (although it can unmarshal code objects --
> but the receiving program has to do something additionally to execute
> those).
These issues may have been fixed now, but a long time ago I recall seeing some nasty segfaults which looked exploitable when feeding marshal malformed data. If they still exist, running a fuzzer on some pyc files should reveal them pretty quickly.
When I ran across them I didn't think much of them, and probably did not even report the bug, since marshal is mostly used to load code anyway, which is implicitly trusted.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20101104/7728219c/attachment.html>
More information about the Python-Dev
mailing list