"Steve Holden" wrote: > It's difficult to establish, and then correctly implement, almost any > security protocol without leaving cracks that attackers can lever open > and use to inject code into your process's memory space.
I can accept this - its difficult enough to write a receiver that syncs up and produces correctly that which was transmitted for all concievable input, without even worrying about evil input - so a string can contain code, and there is not a hell of a lot that you can do about it on the receiving side, when all the rest of the framing and error checking is correctly presented. It seems to me that the threat is not so much having evil code lying around in the machine's memory, but the mechanism for actually executing it. - If you think about it, your PC's memory normally has a lot of stuff in it that is ultra poisonous if it were to be executed - any data table or image would soon crash if executed as code. So it seems to me that to be safe, you can only transfer highly structured data, and not live objects, as objects tend to get control at some stage... > > By all means go ahead and hack on pickle to do what you want to. Just > don't claim your solution is secure without a thorough review. > I am not the OP, and I have had a (very) brief look at the code in the pickle module - and when I saw it was still using marshal, I did not follow through. - but from what I can understand of it, the whole functionality would probably have to be crippled to the point of just transferring very simple structures to make it secure. - it seems to be a mini stack based language, driven by its input. So after all this hoo haw - I find myself kind of agreeing with Steve Holden. - a secure pickle is not the way to go. Damn! : - ) But more seriously - is there any need for a simple serialiser that will be able to be used to transfer a subset of the built in types over an open network in a safe manner, for the transfer of things like lists of parameters? Or am I the only person in the squad that hears this particular drum? - Hendrik -- http://mail.python.org/mailman/listinfo/python-list
