[Python-Dev] Cookie.py security (original) (raw)

Fredrik Lundh Fredrik Lundh" <effbot@telia.com
Thu, 31 Aug 2000 08:41:20 +0200

• Previous message: [Python-Dev] Cookie.py security
• Next message: [Python-Dev] Cookie.py security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

jeremy wrote:

I would guess that pickle makes attacks easier: It has more features, e.g. creating instances of arbitrary classes (provided that the attacker knows what classes are available).

well, if not else, he's got the whole standard library to play with...

::: (I haven't looked at the cookie code, so I don't really know what I'm talking about here)

cannot you force the user to pass in a list of valid classes to the cookie constructor, and use a subclass of pickle.Unpickler to get a little more control over what's imported:

class myUnpickler(Unpicker):
    def __init__(self, data, classes):
        self.__classes = classes
        Unpickler.__init__(self, StringIO.StringIO(data))
    def find_class(self, module, name):
        for cls in self.__classes__:
            if cls.__module__ == module and cls.__name__ == name:
                return cls
        raise SystemError, "failed to import class"

But neither marshal nor pickle is safe. It is possible to cause a core dump by passing marshal invalid data. It may also be possible to launch a stack overflow attack -- not sure.

• Previous message: [Python-Dev] Cookie.py security
• Next message: [Python-Dev] Cookie.py security
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]