Attacking Python's pickle

I'm writing a web app that stores user input in an object. This object will be pickled.

Is it possible for a user to craft malicious input that could do something egregious when the object is unpickled?

Here's a really basic code example that ignores wonderful principles such as encapsulation but epitomizes what I'm looking at:

    import pickle

    class X(object):
        some_attribute = None

    x = X()
    x.some_attribute = 'insert some user input that could possibly be bad'

    p = pickle.dumps(x)

    # Can bad things happen here if the object, before being pickled, contained
    # potentially bad data in some_attribute?
    x = pickle.loads(p)
Matty asked Apr 23 '12 14:04



1 Answer

Yes and no...

No - unless there's a bug with the interpreter or the pickle module, you can't run arbitrary code via pickled text, or something like that, unless the pickled text is eval'd later, or you're doing stuff like creating a new object with a type mentioned in this data.

Yes - depending on what you plan to do with the information in the object later, a user can do all sorts of things: from SQL injection attempts to changing credentials, brute-force password cracking, or anything else that should be considered when you're validating user input. But you are probably checking for all this.


Edit:

The Python documentation states this:

Warning: The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.

However this is not your case - you accept the input, put it through the regular validation, and then pickle it.

Not_a_Golfer answered Oct 08 '22 08:10
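The following is an added example, not code from the question or the answer above. It takes the question's class X and shows the two halves of the picture from a defender's point of view: text stored in an attribute is inert data and round-trips unchanged, whereas the pickle bytes themselves are what must be trusted, because unpickling invokes whatever importable callable the stream names (demonstrated here with a harmless recorder function, `record_call`, constructed for the example). It then shows the two standard mitigations the docs warning points at: an allow-listing `Unpickler.find_class` override, and an HMAC over the stored bytes so that a blob the application wrote can be checked for tampering before any opcode runs. The class names, the recorder, and the key are all constructed assumptions.

```python
import hashlib
import hmac
import io
import pickle


class X(object):
    """Same shape as the class in the question: the attribute holds user input."""
    some_attribute = None


def roundtrip_user_string(user_input):
    """Pickle an X whose attribute holds untrusted text and unpickle it again.

    The text is stored with a string opcode, so it is data, never code: it
    comes back unchanged and nothing in it is evaluated.
    """
    x = X()
    x.some_attribute = user_input
    return pickle.loads(pickle.dumps(x)).some_attribute


# Constructed for this example: a harmless callable that only records that it ran.
CALLS = []


def record_call(tag):
    CALLS.append(tag)
    return tag


class ConstructedViaCallable(object):
    """Shows the mechanism the docs warn about: a pickle stores the name of a
    callable plus its arguments, and unpickling invokes that callable. Here it
    is the harmless record_call; it could be any importable callable, which is
    why bytes from an untrusted source must never be unpickled."""

    def __reduce__(self):
        return (record_call, ("invoked during unpickling",))


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only globals on an explicit allow-list (the pattern from the
    pickle module docs): the stream cannot name arbitrary callables."""

    def __init__(self, stream, allowed):
        super().__init__(stream)
        self.allowed = allowed

    def find_class(self, module, name):
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "refusing to resolve global %s.%s" % (module, name))


def restricted_loads(data, allowed):
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


def sign(data, key):
    """Prefix the pickle bytes with an HMAC-SHA256 tag (32 bytes)."""
    return hmac.new(key, data, hashlib.sha256).digest() + data


def verify_and_load(signed, key, allowed):
    """Check the tag before touching a single opcode, then load restricted."""
    tag, data = signed[:32], signed[32:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("pickle signature mismatch; refusing to unpickle")
    return restricted_loads(data, allowed)


def demo():
    allowed = {(X.__module__, "X")}
    key = b"example-key-not-for-production"  # constructed; use a secret store
    text = "any text the user typed, including quotes ' and braces {}"

    # 1. User text inside an attribute is inert and round-trips unchanged.
    assert roundtrip_user_string(text) == text

    # 2. Plain pickle.loads calls whatever callable the stream names.
    CALLS.clear()
    tainted = pickle.dumps(ConstructedViaCallable())
    pickle.loads(tainted)
    called_unrestricted = CALLS == ["invoked during unpickling"]

    # 3. The allow-list unpickler refuses the global before anything is called.
    CALLS.clear()
    try:
        restricted_loads(tainted, allowed)
        blocked = False
    except pickle.UnpicklingError:
        blocked = CALLS == []

    # 4. Allow-listed X still loads, and a tampered blob is rejected.
    x = X()
    x.some_attribute = text
    signed = sign(pickle.dumps(x), key)
    ok = verify_and_load(signed, key, allowed).some_attribute == text
    tampered = signed[:-1] + bytes([signed[-1] ^ 1])
    try:
        verify_and_load(tampered, key, allowed)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return called_unrestricted, blocked, ok, tamper_detected


if __name__ == "__main__":
    print(demo())  # (True, True, True, True)
```

The allow-list and the signature address different threats: `find_class` limits what a stream can construct even if the bytes are untrusted, while the HMAC establishes that the bytes are the ones the application itself wrote. For a web app that pickles validated input and reads it back later, the practical rule is to treat the stored pickle like a session cookie: keep it where users cannot edit it, or sign it, and still restrict what the unpickler may resolve.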