On Nov 1, 11:42 pm, Paul Rubin <http://[EMAIL PROTECTED]> wrote:
> Aaron Watters <[EMAIL PROTECTED]> writes:
> > >>> marshal.loads('RKp,U\xf7`\xef\xe77\xc1\xea\xd8\xec\xbe\\')
> > Segmentation fault
> > ...
> > I'll grant you the above as a denial of service attack. ...
> > Can you give me an example
> > where someone can erase the filesystem using marshal.load?
>
> You should always assume that if an attacker can induce a memory fault
> (typically through a buffer overflow) then s/he can inject and run
> arbitrary machine code ...
Yes yes yes, but this takes an extraordinary amount of skill and criminal malice. With pickle an innocent person on another continent could potentially delete all the files on your computer by accident.

In summary my view is this.

- pickle is way too complicated and not worth the extra overhead and danger in most cases.
- marshal is an excellent tool for getting large amounts of data in and out of Python that can be much faster than pickle and is always much less dangerous than pickle. I think it's safe enough for most RPC uses, for example.
- It's a damn shame that the Python developers can't be bothered to make marshal portable across platforms and versions. It's a silly mistake.

Sorry for all the fuss.

-- Aaron Watters
===
http://www.xfeedme.com/nucular/pydistro.py/go?FREETEXT=limiting+perl
--
http://mail.python.org/mailman/listinfo/python-list
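The difference the thread is arguing about, as an added example that is not part of the original post: a pickle stream can name and call any importable callable while it is being loaded (here a deliberately harmless one, os.getcwd, constructed for the demonstration), a restricted unpickler with an allow-list in find_class refuses such streams, and marshal has no global-lookup or call opcode at all, so it can only rebuild plain data and refuses to serialize arbitrary objects. The class name, the allow-list and the helper functions are assumptions made for this example.

```python
import builtins
import io
import marshal
import os
import pickle


class CallsGetcwd:
    """Constructed sample: its pickle records a call to os.getcwd().
    Harmless, but it shows that loading a pickle invokes whatever
    callable the stream names."""

    def __reduce__(self):
        return (os.getcwd, ())


HOSTILE_PICKLE = pickle.dumps(CallsGetcwd())  # constructed sample input

# Allow-list of globals a data-only pickle may legitimately need.
SAFE_BUILTINS = {"set", "frozenset", "range", "slice"}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed builtins; refuse every other global."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unrestricted_load_runs_callable(data: bytes) -> bool:
    # Plain pickle.loads executes the recorded call and returns its result.
    return pickle.loads(data) == os.getcwd()


def restricted_load_is_blocked(data: bytes) -> bool:
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def marshal_roundtrip(obj):
    # marshal only knows a fixed set of data types and never looks up names.
    return marshal.loads(marshal.dumps(obj))


def marshal_rejects_object(obj) -> bool:
    try:
        marshal.dumps(obj)  # arbitrary instances are unmarshallable
    except ValueError:
        return True
    return False
```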