Marc-Andre Lemburg <m...@egenix.com> added the comment:

Jean-Paul Calderone wrote:
>
> Jean-Paul Calderone <exar...@twistedmatrix.com> added the comment:
>
>> This is a security feature and should not be broken !
>
> Can you explain this?
>
> I don't think I agree, since an attacker can always serialize whatever they
> feel like. It's the person doing the deserialization that has to be careful.
The marshal protocol, which is used for storing PYC files, has support for serializing code objects. Support in pickles, which are meant for data serialization, was not added by default to prevent unwanted code execution during deserialization, but was instead made possible via pickle hooks, so as to make the decision to support code serialization an explicit application choice.

By adding default support for unpickling code objects, you can trick the unpickling code into executing serialized code: first you add a serialized version of a malicious class definition, then you add an object of that class to the pickle. At object restore time, the malicious class can then run os.system('rm -rf /')...

----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9276>
_______________________________________
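The two points made in this thread, that pickle refuses code objects unless the application opts in through a hook, and that the loading side is the one that must be careful, can be seen in a few lines of Python. The block below is an added illustration, not code from the tracker or from CPython itself; the `copyreg` reducer, the `RestrictedUnpickler` class, its `SAFE_GLOBALS` allowlist and the sample code strings are all constructed for this example.

```python
"""Added example: pickle and code objects, from the deserializer's side.

Assumptions (not from the tracker thread): the reducer registered below is
one possible application-level opt-in; SAFE_GLOBALS is a constructed
allowlist and would be chosen per application.
"""
import copyreg
import io
import marshal
import os
import pickle
import types


def code_object_is_unpicklable_by_default():
    """With no reducer registered, pickle has no way to serialize a code object."""
    copyreg.dispatch_table.pop(types.CodeType, None)  # make sure no hook is active
    code = compile("x = 1", "<constructed>", "exec")  # constructed sample
    try:
        pickle.dumps(code)
    except (TypeError, pickle.PicklingError):
        return True
    return False


def register_code_reducer():
    """Explicit application opt-in: serialize code objects through marshal.

    The reducer tells pickle to emit a reference to marshal.loads plus the
    marshalled bytes; this is the kind of hook the thread refers to.
    """
    def reduce_code(code):
        return (marshal.loads, (marshal.dumps(code),))

    copyreg.pickle(types.CodeType, reduce_code)


def roundtrip_code_with_hook():
    """Once the hook is registered, a code object survives a pickle round trip."""
    register_code_reducer()
    code = compile("y = 2 + 3", "<constructed>", "exec")  # constructed sample
    restored = pickle.loads(pickle.dumps(code))
    namespace = {}
    exec(restored, namespace)
    return namespace["y"]


# Constructed allowlist: the only (module, name) pairs the loader will resolve.
SAFE_GLOBALS = {("builtins", "range"), ("builtins", "set")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    Every GLOBAL/STACK_GLOBAL reference in the stream passes through
    find_class, so the deserializer decides which callables may be used
    to rebuild objects.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def allowlisted_global_roundtrips():
    """range pickles as a call to builtins.range, which is on the allowlist."""
    return restricted_loads(pickle.dumps(range(3)))


def loader_blocks_unlisted_global():
    """A pickle referencing a function outside the allowlist is refused."""
    data = pickle.dumps(os.getpid)  # reference-by-name pickle of a stdlib function
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def hooked_code_blocked_by_restricted_loader():
    """Even with the reducer registered on the producing side, the restricted
    loader refuses the marshal.loads reference that rebuilds the code object."""
    register_code_reducer()
    data = pickle.dumps(compile("z = 1", "<constructed>", "exec"))
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False
```

Note that `copyreg.pickle` registers the reducer for the whole process, which is exactly why the thread treats code-object support as an application-wide decision rather than a library default; the `find_class` override is the counterpart on the loading side and is the mechanism the Python documentation recommends for restricting globals.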