pickle is considered harmful please do not use it

ACueva / googlecl

Automatically exported from code.google.com/p/googlecl

0 stars 0 forks source link

pickle is considered harmful please do not use it #123

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago


pickle is considered harmful please do not use it.
http://nadiana.com/python-pickle-insecure

Original issue reported on code.google.com by Black.D....@gmail.com on 21 Jun 2010 at 1:45

GoogleCodeExporter commented 9 years ago

[deleted comment]

GoogleCodeExporter commented 9 years ago

The article you cite doesn't apply in this situation - it is about unpickling 
arbitrary data from potentially malicious sources, not locally-authored and 
stored files.

Original comment by macdonellba on 21 Jun 2010 at 4:30

GoogleCodeExporter commented 9 years ago

[deleted comment]

GoogleCodeExporter commented 9 years ago

Um. Ok - tell me how the pickled data is trusted given it is a combination of 
saved resources including some fetched from an internet location. 
Yes to quote the python documentation:

"
*Warning

The pickle module is not intended to be secure against erroneous or maliciously 
constructed data. Never unpickle data received from an untrusted or 
unauthenticated source.
"
So ... um the internet resource fits 'untrusted' source.

Original comment by Black.D....@gmail.com on 21 Jun 2010 at 5:02

GoogleCodeExporter commented 9 years ago

[deleted comment]

GoogleCodeExporter commented 9 years ago

I should add that yes usually it is 'ok'. Nothing bad happens. But from my 
experimentation - it is easy to introduce a security flaw by the use of pickle. 
The order or the way the unpickling / pickling matters and the way it is a 
addresses - it is trivial to screw up. Also, there is no real point in using 
pickle in this code anyway.

Original comment by Black.D....@gmail.com on 21 Jun 2010 at 5:06

GoogleCodeExporter commented 9 years ago

The data being unpickled has _not_ been received from an untrusted source. The 
pickle objects themselves were created locally, and there is no way to generate 
valid python data which is pickled to a compromised state. The risk is in 
unpickling data received from the remote server, which is not happening.

Original comment by macdonellba on 21 Jun 2010 at 5:32

GoogleCodeExporter commented 9 years ago

Can we agree that the code does not need to use pickle?

Original comment by Black.D....@gmail.com on 21 Jun 2010 at 5:36

GoogleCodeExporter commented 9 years ago

Start with a patch. How would you remove pickle?

Original comment by joseph.a...@gmail.com on 21 Jun 2010 at 5:45

GoogleCodeExporter commented 9 years ago

From what I have seen pickle is only being used to store account credential and 
auth tokens - which do not belong in pickle files.

Therefore I would use gnome-keyring or a keyring... 
Python config files work too.

http://www.google.com/codesearch?q=pickle+package%3Ahttp%3A%2F%2Fgooglecl\.googl
ecode
\.com&origq=pickle&btnG=Search+Trunk

Original comment by Black.D....@gmail.com on 21 Jun 2010 at 5:52