jeremy wrote:

> I would guess that pickle makes attacks easier: It has more features,
> e.g. creating instances of arbitrary classes (provided that the attacker
> knows what classes are available).

well, if not else, he's got the whole standard library to play with...

:::

(I haven't looked at the cookie code, so I don't really know what I'm talking about here)

cannot you force the user to pass in a list of valid classes to the cookie constructor, and use a subclass of pickle.Unpickler to get a little more control over what's imported:

    import StringIO
    from pickle import Unpickler

    class myUnpickler(Unpickler):

        def __init__(self, data, classes):
            # only classes in this list may be resolved by find_class
            self.__classes = classes
            Unpickler.__init__(self, StringIO.StringIO(data))

        def find_class(self, module, name):
            # reject any global reference that is not in the allowed list
            for cls in self.__classes:
                if cls.__module__ == module and cls.__name__ == name:
                    return cls
            raise SystemError("failed to import class")

> But neither marshal nor pickle is safe. It is possible to cause a
> core dump by passing marshal invalid data. It may also be possible to
> launch a stack overflow attack -- not sure.

</F>
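The allow-list idea from the post, carried through as an added Python 3 example (not code from the thread): a pickle.Unpickler subclass whose find_class resolves globals only from an explicit list, shown accepting a constructed Cookie class and rejecting a pickle that references a global outside the list. The Cookie class and the restricted_loads helper are assumptions for the demonstration.

```python
import io
import os
import pickle


class Cookie:
    """Constructed sample class that is allowed to come back from a pickle."""

    def __init__(self, user, theme):
        self.user = user
        self.theme = theme

    def __eq__(self, other):
        return isinstance(other, Cookie) and vars(self) == vars(other)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves global references only against an allow-list."""

    def __init__(self, data, classes):
        super().__init__(io.BytesIO(data))
        # exact (module, name) lookup; anything else is refused
        self._classes = {(c.__module__, c.__name__): c for c in classes}

    def find_class(self, module, name):
        try:
            return self._classes[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(
                "global %s.%s is not on the allow-list" % (module, name)) from None


def restricted_loads(data, classes):
    """Deserialize data, permitting only the given classes as globals."""
    return RestrictedUnpickler(data, classes).load()


def demo():
    # protocol 4 pickles the instance via NEWOBJ, so the only global
    # reference in the stream is the Cookie class itself
    allowed = pickle.dumps(Cookie("alice", "dark"), protocol=4)
    ok = restricted_loads(allowed, [Cookie])

    # a stream that merely *references* a stdlib function; with the
    # allow-list in place the reference is refused before anything is built
    forbidden = pickle.dumps(os.getcwd, protocol=4)
    try:
        restricted_loads(forbidden, [Cookie])
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return ok, rejected
```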