[Python-Dev] Pickle alternative in stdlib (Was: On breaking modules into packages) (original) (raw)

Bob Ippolito bob at redivi.com
Fri Nov 5 05:21:57 CET 2010

On Friday, November 5, 2010, <exarkun at twistedmatrix.com> wrote:

On 12:21 am, marc at gsites.de wrote:

Am 04.11.2010 17:15, schrieb anatoly techtonik: pickle is insecure, marshal too. If the transport or storage layer is not save, you should cryptographically sign the data anyway::  def pickleencode(data, key):  msg = base64.b64encode(pickle.dumps(data, -1))  sig = base64.b64encode(hmac.new(key, msg).digest())  return sig + ':' + msg  def pickledecode(data, key):  if data and ':' in data:  sig, msg = data.split(':', 1)  if sig == base64.b64encode(hmac.new(key, msg).digest()):  return pickle.loads(base64.b64decode(msg))  raise pickle.UnpicklingError("Wrong or missing signature.") Bottle (a web framework) uses a similar approach to store non-string data in client-side cookies. I don't see a (security) problem here.

Your pickledecode leaks information about the key.  An attacker will eventually (a few seconds to a few minutes, depending on how they have access to this system) be able to determine your key and send you arbitrary pickles (ie, execute arbitrary code on your system). Oops. This stuff is hard.  If you're going to mess around with it, make sure you're serious (better approach: don't mess around with it).

Specifically you need to use a constant time signature verification or else there are possible timing attacks. Sounds like something a hmac module should provide in the first place.

But yeah, this stuff is hard, better to just not have a code execution hole in the first place.

-bob

More information about the Python-Dev mailing list