On Friday, November 5, 2010,  <exar...@twistedmatrix.com> wrote:
> On 12:21 am, m...@gsites.de wrote:
>
> Am 04.11.2010 17:15, schrieb anatoly techtonik:
>> pickle is insecure, marshal too.
>
> If the transport or storage layer is not save, you should cryptographically 
> sign the data anyway::
>
>     def pickle_encode(data, key):
>         msg = base64.b64encode(pickle.dumps(data, -1))
>         sig = base64.b64encode(hmac.new(key, msg).digest())
>         return sig + ':' + msg
>
>     def pickle_decode(data, key):
>         if data and ':' in data:
>             sig, msg = data.split(':', 1)
>             if sig == base64.b64encode(hmac.new(key, msg).digest()):
>                 return pickle.loads(base64.b64decode(msg))
>         raise pickle.UnpicklingError("Wrong or missing signature.")
>
> Bottle (a web framework) uses a similar approach to store non-string data in 
> client-side cookies. I don't see a (security) problem here.
>
>
> Your pickle_decode leaks information about the key.  An attacker will 
> eventually (a few seconds to a few minutes, depending on how they have access 
> to this system) be able to determine your key and send you arbitrary pickles 
> (ie, execute arbitrary code on your system).
>
> Oops.
>
> This stuff is hard.  If you're going to mess around with it, make sure you're 
> *serious* (better approach: don't mess around with it).

Specifically you need to use a constant time signature verification or
else there are possible timing attacks. Sounds like something a hmac
module should provide in the first place.

But yeah, this stuff is hard, better to just not have a code execution
hole in the first place.

-bob
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to