[Python-ideas] Adding a safe alternative to pickle in the standard library

Devin Jeanpierre jeanpierreda at gmail.com
Thu Feb 21 12:01:19 CET 2013


I've been noticing a lot of security-related issues being discussed in
the Python world since the Ruby YAML problem came out. Is it time to
consider adding an alternative to pickle that is safe(r) by default?

Pickle is usable in situations few other things are, because it can
handle cyclic references and virtually any python object. The only
stdlib alternative I'm aware of is json, which can do neither of those
things. (Or at least, not without significant extra serialization
code.) I would imagine that any alternative supplied should be easy
enough to use that pickle users would seriously consider switching,
and include at least those features.

The benefit of using a secure alternative to pickle is that it
increases the difficulty of creating an insecure application, even for
those that are aware of the risks of the pickle module. With the
pickle module, you are one mistake away from an insecure program: all
you need is to have a way for the attacker to influence input to
pickle. With a secure alternative, even if you make that mistake, it
doesn't immediately result in a compromised application. You would
need another mistake on top of that that results in the deserialized
input being used improperly.

The only third party library I'm aware of that attempts to be a
safe/usable pickle replacement is cerealizer[1]_. Would it be
worth considering adding cerealizer, or something like it, to the
stdlib?

.. [1]: http://home.gna.org/oomadness/en/cerealizer/index.html

-- Devin
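The stdlib already offers one way to narrow the "one mistake away" risk the post describes without giving up pickle's support for cyclic references: overriding `Unpickler.find_class` so the stream can only resolve globals on an explicit allowlist. The following is an added example, not code from the post or from cerealizer; the `SAFE_GLOBALS` allowlist and the helper function names are constructed for illustration.

```python
import collections
import io
import pickle

# Allowlist of (module, name) pairs the unpickler may resolve. Constructed
# for this example; a real application lists only the types it stores.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not listed in SAFE_GLOBALS.

    Every callable a pickle stream invokes (classes, reduce functions)
    is resolved through find_class, so vetting here blocks the stream
    from reaching arbitrary code while the rest of the format, including
    memoised cyclic references, keeps working.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def roundtrip_cyclic() -> bool:
    # A list whose only element is a dict pointing back at the list:
    # json cannot represent this, the restricted unpickler still can.
    node = []
    node.append({"parent": node, "tags": {"a", "b"}})
    restored = restricted_loads(pickle.dumps(node))
    return restored[0]["parent"] is restored


def is_rejected(data: bytes) -> bool:
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def rejects_unlisted_class() -> bool:
    # Counter is a harmless type, but it is not on the allowlist, so the
    # GLOBAL reference in its pickle is refused; OrderedDict is accepted.
    return (is_rejected(pickle.dumps(collections.Counter()))
            and not is_rejected(pickle.dumps(collections.OrderedDict())))
```

This only limits which callables a stream can name; the allowlisted types themselves still have to be safe to construct from untrusted arguments.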
