Hello Guido

[EMAIL PROTECTED] wrote:
Irmen de Jong wrote:

Pickle and marshal are not safe. They can do harmful
things if fed maliciously constructed data.
That is a pity, because marshal is fast.


I think marshal could be fixed; the only unsafety I'm aware of is that
it doesn't always act rationally when confronted with incorrect input
like bad type codes or truncated input. It only receives instances of
the built-in types and it never executes user code as a result of
unmarshalling.

So it is not vulnerable in the way that pickle is? That's a start. The security warning in the marshal doc then makes it sound worse than it is...

Perhaps someone would be interested in submitting a patch to the
unmarshalling code? Since this is a security fix we'd even accept a fix
for 2.3.

That would be nice indeed :)


I need a fast and safe (secure) marshaler.
Is xdrlib the only option?
I would expect that it is fast and safe because
it (the xdr spec) has been around for so long.


I don't expect that to be particularly fast, since it mostly operates
at Python speed.

Ah, I wasn't aware that xdrlib was implemented in Python :) I thought it used a (standard?) C-implementation. But I now see that it's a Python module (utilizing struct).

I think it could be safe but I would still do a
thorough code review if I were you -- the code is older than my
awareness of the vulnerabilities inherent in this kind of remote data
transfer.

Thanks for the warning.

--Irmen de Jong
--
http://mail.python.org/mailman/listinfo/python-list
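
The two properties discussed in the thread (malformed input such as truncated data or bad type codes, and marshal yielding only built-in types without running code) can be checked at a trust boundary. The following is an added example, not code from the thread or from CPython; `load_untrusted`, `RejectedPayload`, the size cap and the type allowlist are assumptions, and it assumes a CPython whose `marshal.loads` raises an exception on malformed input.

```python
import marshal

ALLOWED_SCALARS = (type(None), bool, int, float, str, bytes)  # assumed allowlist
MAX_BYTES = 1 << 20  # assumed size cap


class RejectedPayload(Exception):
    """Input was malformed or carried a type outside the allowlist."""


def load_untrusted(data: bytes):
    if len(data) > MAX_BYTES:
        raise RejectedPayload("payload too large")
    try:
        obj = marshal.loads(data)
    except (EOFError, ValueError, TypeError, MemoryError) as exc:
        # Truncated input and unknown type codes end up here.
        raise RejectedPayload(f"malformed marshal data: {exc}") from exc
    # Iterative walk with a seen-set: crafted data can nest deeply or
    # contain a container that references itself.
    stack, seen = [obj], set()
    while stack:
        item = stack.pop()
        if type(item) in ALLOWED_SCALARS:
            continue
        if type(item) not in (list, tuple, dict):
            # e.g. code objects: marshal builds them but does not run them
            raise RejectedPayload(f"type not allowed: {type(item).__name__}")
        if id(item) in seen:
            continue
        seen.add(id(item))
        if type(item) is dict:
            stack.extend(item.keys())
            stack.extend(item.values())
        else:
            stack.extend(item)
    return obj


def rejected(data: bytes) -> bool:
    try:
        load_untrusted(data)
    except RejectedPayload:
        return True
    return False


# Constructed sample inputs
GOOD = marshal.dumps({"user": "irmen", "ids": [1, 2, 3]})
TRUNCATED = GOOD[:-3]                 # cut in the middle of the last integer
BAD_TYPE_CODE = b"\x01"               # not a marshal type code
CODE_OBJECT = marshal.dumps(compile("1 + 1", "<constructed>", "eval"))
```

The allowlist walk matters because a code object is itself a built-in type that marshal will deserialize; it is never executed by loading, but a receiver expecting plain data should not accept it.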
