Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Understanding Python Pickle Insecurity

Tags:

python

namespaces

security

pickle

It states in the Python documentation that pickle is not secure and shouldn't parse untrusted user input. If you research this; almost all examples demonstrate this with a system() call via os.system.

Whats not clear to me, is how os.system is interpreted correctly without the os module being imported. 

>>> import pickle
>>> pickle.loads("cos\nsystem\n(S'ls /'\ntR.") # This clearly works.
bin  boot  cgroup  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
0
>>> dir() # no os module
['__builtins__', '__doc__', '__name__', '__package__', 'pickle']
>>> os.system('ls /')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NameError: name 'os' is not defined
>>>

Can someone explain?

like image 340
tMC Avatar asked Apr 24 '12 16:04

tMC

People also ask

Why are pickles insecure in Python?

Pickle's ProsPickle constructs arbitrary Python objects by invoking arbitrary functions, that's why it is not secure. However, this enables it to serialise almost any Python object that JSON and other serialising methods will not do.

Are Python pickles efficient?

The advantage of using pickle is that it can serialize pretty much any Python object, without having to add any extra code. Its also smart in that in will only write out any single object once, making it effective to store recursive structures like graphs.

What is the point of pickle Python?

Pickle in Python is primarily used in serializing and deserializing a Python object structure. In other words, it's the process of converting a Python object into a byte stream to store it in a file/database, maintain program state across sessions, or transport data over the network.

What is not right about pickling in Python?

Explanation: Functions which are defined at the top level of a module with lambda cannot be pickled.

1 Answers

The name of the module (os) is part of the opcode, and pickle automatically imports the module:

# pickle.py
def find_class(self, module, name):
    # Subclasses may override this
    __import__(module)
    mod = sys.modules[module]
    klass = getattr(mod, name)
    return klass

Note the __import__(module) line.

The function is called when the GLOBAL 'os system' pickle bytecode instruction is executed.

This mechanism is necessary in order to be able to unpickle instances of classes whose modules haven't been explicitly imported into the caller's namespace.

like image 156
NPE Avatar answered Oct 24 '22 05:10

NPE
Sign in to Comment

Related questions

Python : Operator Overloading a specific type
How can I get fields in an original order?
Pythonic way to turn a list of strings into a dictionary with the odd-indexed strings as keys and even-indexed ones as values?
Run Django on multiple ports
How to ensure list contains unique elements?
How to detemine python version in Makefile?
Bizzarre issue trying to make Rpy2 2.1.9 work with R 2.12.1, using Python 2.6 under Windows xp - Rpy can't find the R.dll?
How do I check if values in a dictionary all have the same value X?
Use frozenset as a pair in python
Storing multiple messages in one protocol buffer binary file
How to sort files in a directory before reading?
Separate street name from street number [closed]
ctypes and passing a by reference to a function
Developing a web application in python with neo4j
How to continue with next line in a Python's try block?
LISP cons in python
how to import only the class methods in python
can os.path.join (or other python method) append a '/' automatically for the case of the directory?
Check existence of YAML key
6th degree curve fitting with numpy/scipy

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!