[Python-ideas] Adding a safe alternative to pickle in the standard library

[Stephen J. Turnbull]

Steve Dower writes:

 > > There are no bugs that allow a back door, right? 
 > 
 > Of course not. That's why we never see security patches or updates
 > for operating systems or platforms. This is a silly argument.

"Of course not."  The right answer is that "it's been audited and
we're as sure as we ever are."  The problem is that (as Devin
Jeanpierre wrote IIRC) pickle was not designed for security from the
ground up.  Removing execution of untrusted code from it may not be as
easy as just saying so.  Maybe it is.

 > > Is the API sufficiently well-designed that users will easily
 > > figure out how to do what they need, and *only* what they need,
 > > and therefore won't be tempted to simply turn on permission to do
 > > *everything*?
 > 
 > All we can ever do is provide instructions to keep the developer
 > safe and make it clear that ignoring those rules will reduce the
 > security of their program. It's up to the developer to make the
 > right decisions.

But that's not enough.  What others have said here is that json
doesn't get used when it would be perfectly suitable (and as secure as
serialization gets!) because the API doesn't provide convenient access
to the features they need.

 > Agreed. I don't think we need a new protocol though, just a less
 > permissive default implementation of Unpickler.find_class().

The proof of the pudding is in the auditing, I guess.