Pickle and marshal are not safe. They can do harmful
things if fed maliciously constructed data.
That is a pity, because marshal is fast.
I need a fast and safe (secure) marshaler.
Is xdrlib the only option?
I would expect that it is fast and safe because
it (the xdr spec) has been around for so long.
Or are there better options (perhaps 3rd party libraries)?
Thanks
Irmen.
Jul 18 '05
In article <ma***************************************@python.org>,
Skip Montanaro <sk**@pobox.com> wrote:

    Carl> but can't effbot's fast cElementree be used for PYROs XML_PICKLE
    Carl> and would it be safe and fast enough?
It's not clear to me that if marshal is unsafe how XML could be safe. In this context they are both just serializations of basic Python data structures.
The difference is that parsing XML -- even badly malformed -- won't
crash Python.
--
Aahz (aa**@pythoncraft.com) <*> http://www.pythoncraft.com/
"The joy of coding Python should be in seeing short, concise, readable
classes that express a lot of action in a small amount of clear code --
not in reams of trivial code that bores the reader to death." --GvR
Irmen de Jong wrote: but can't effbot's fast cElementree be used for PYROs XML_PICKLE and would it be safe and fast enough?
ElementTree's not a marshaler. Or has it object (de)serialization included?
nope. building a serialization layer on top of it is pretty trivial, and the result
is pretty fast, but nowhere close to C speed.
</F>
(repost; gmane seems to have eaten my original post)
Aahz wrote: It's not clear to me that if marshal is unsafe how XML could be safe. In this context they are both just serializations of basic Python data structures.
The difference is that parsing XML -- even badly malformed -- won't crash Python.
optimist.

>>> import os
>>> os.path.getsize("BL.xml")
1302
>>> from xml.dom import minidom
>>> x = minidom.parse("BL.xml")
(have patience. have lots of patience.)
</F>
Fredrik Lundh wrote:

>>> import os
>>> os.path.getsize("BL.xml")
1302
>>> from xml.dom import minidom
>>> x = minidom.parse("BL.xml")
(have patience. have lots of patience.)
Hehe, the XML killer file "BillionLaughs" ... correct?
--Irmen
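Fredrik's BL.xml is the entity-expansion document Irmen names: a handful of nested <!ENTITY> declarations, each referring to the previous one ten times, so a one-kilobyte file makes minidom build gigabytes of text. The defence that needs no patience is to refuse the declarations themselves, before the parser expands anything. The following is an added example, not code from this thread or from Pyro; it drives the stdlib expat binding directly, the two sample documents are constructed here (BILLION_LAUGHS is a deliberately small 4-level variant of the classic 9-level file), and the function and exception names are my own.

```python
"""Added example (not code from the thread or from Pyro): refuse an
entity-expansion document before expat expands anything. The two sample
documents are constructed here; BILLION_LAUGHS is a 4-level (10**4) variant
of the classic 9-level file, so that the demo itself stays harmless."""
from xml.parsers import expat

BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
]>
<lolz>&lol4;</lolz>"""

BENIGN = b'<?xml version="1.0"?><msg><to>irmen</to><body>hello &amp; welcome</body></msg>'


class EntityDeclarationRejected(ValueError):
    """The DTD tried to declare an entity; we refuse all of them, not just big ones."""


def expansion_factor(depth, width):
    """Leaf strings produced by one top-level reference: width ** depth.
    Ten wide and nine deep is where the 'billion' in the name comes from;
    the file stays about a kilobyte however deep you go."""
    return width ** depth


def parse_without_entities(data):
    """Parse with expat, aborting on the first <!ENTITY ...> declaration.

    Returns element names in document order. The predefined entities
    (&amp; &lt; &gt; &quot; &apos;) need no declaration and still work; only
    DTD-declared ones are blocked, which covers both the expansion bomb and
    external-entity (file://, http://) tricks with one handler."""
    parser = expat.ParserCreate()
    seen = []

    def reject(name, is_parameter_entity, value, base, system_id, public_id, notation_name):
        kind = "parameter" if is_parameter_entity else "general"
        raise EntityDeclarationRejected("refusing %s entity %r" % (kind, name))

    parser.EntityDeclHandler = reject                 # fires at declaration, before any use
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(data, True)                          # True: final chunk; handler exceptions propagate
    return seen


def is_entity_bomb(data):
    """True if parse_without_entities() refused the document."""
    try:
        parse_without_entities(data)
    except EntityDeclarationRejected:
        return True
    return False


if __name__ == "__main__":
    print("%d expansions hidden in %d bytes" % (expansion_factor(4, 10), len(BILLION_LAUGHS)))
    print("bomb rejected:", is_entity_bomb(BILLION_LAUGHS))
    print("benign elements:", parse_without_entities(BENIGN))
```

Refusing every declared entity is the policy the third-party defusedxml package applies to minidom, ElementTree and sax, and it is the cheap, deterministic choice: nothing is expanded, so there is no ratio to tune and no memory to watch. Newer libexpat releases also cap the amplification ratio by default, but an explicit refusal at the declaration is easier to reason about and does not depend on which expat your Python was built against.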
Alan Kennedy wrote: I should learn to keep my mouth zipped :-L
:-D
OK, I really don't have time for a detailed examination of either the JSON spec or the python impl of same. And I *definitely* don't have time for a detailed security audit, much though I'd love to.
No problem. The patch you wrote is a very good start, I think!!
Interestingly enough, I just ran across "Flatten": http://sourceforge.net/project/showf...ckage_id=91311
"...which aids in serializing/unserializing networked data securely,
without having to fear execution of code or the like."
Sounds promising!
--Irmen
Irmen de Jong wrote: I think marshal could be fixed; the only unsafety I'm aware of is that it doesn't always act rationally when confronted with incorrect input like bad type codes or truncated input. It only receives instances of the built-in types and it never executes user code as a result of unmarshalling.
So it is not vulnerable in the way that pickle is? That's a start. The security warning in the marshal doc then makes it sound worse than it is...
the problem is that the following may or may not reach the "done!" statement,
somewhat depending on python version, memory allocator, and what data you
pass to dumps.
import marshal
data = marshal.dumps((1, 2, 3, "hello", 4, 5, 6))
# feed every truncated prefix of the marshalled data back to loads
for i in range(len(data), -1, -1):
    try:
        print marshal.loads(data[:i])
    except EOFError:
        print "EOFError"
    except ValueError:
        print "ValueError"
print "done!"
(try different data combinations, to see how far you get on your platform...)
fixing this should be relatively easy, and should result in a safe unmarshaller (your
application will still have to limit the amount of data fed into load/loads, of course).
</F>
Fredrik Lundh wrote: the problem is that the following may or may not reach the "done!" statement, somewhat depending on python version, memory allocator, and what data you pass to dumps.
import marshal
data = marshal.dumps((1, 2, 3, "hello", 4, 5, 6))
for i in range(len(data), -1, -1):
    try:
        print marshal.loads(data[:i])
    except EOFError:
        print "EOFError"
    except ValueError:
        print "ValueError"
print "done!"
(try different data combinations, to see how far you get on your platform...)
Python 2.4 on my windows box crashes with
Fatal Python error: PyString_InternInPlace: strings only please!
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
c:\> _
So indeed it seems that marshal is not safe yet :-|
fixing this should be relatively easy, and should result in a safe unmarshaller (your application will still have to limit the amount of data fed into load/loads, of course).
Okay.
--Irmen
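What Fredrik's loop and Irmen's crash show is a decoder that believes the type codes and length fields it reads off the wire. The following is an added example, not Fredrik's, Irmen's or Pyro's code, written in Python 3: a marshaler restricted to the built-in types this thread is about, where every read is bounds-checked against the buffer, every length is sanity-checked before anything is allocated, nesting depth is capped, and trailing bytes are an error, so the same truncation sweep (replayed in truncation_sweep) produces nothing but ValueError. The wire format (one tag byte, big-endian 32-bit lengths), the MAX_DEPTH and MAX_LEN limits and all names are assumptions made for the demo.

```python
"""Restricted, bounds-checked marshaler for plain Python data (added example).
Not marshal and not Pyro code: the tag-byte + big-endian-length format, the
MAX_DEPTH/MAX_LEN limits and every name here are assumptions for the demo."""
import struct

MAX_DEPTH = 32      # nesting limit, enforced by dumps() and loads()
MAX_LEN = 1 << 20   # largest string/bytes/container length accepted

def dumps(obj):
    out = bytearray()
    _encode(obj, out, 0)
    return bytes(out)

def _header(out, tag, n):
    if n > MAX_LEN:
        raise ValueError("length %d exceeds MAX_LEN" % n)
    out += tag + struct.pack(">I", n)

def _encode(obj, out, depth):
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    if obj is None or obj is True or obj is False:   # bool before int: bool subclasses int
        out += {None: b"N", True: b"T", False: b"F"}[obj]
    elif isinstance(obj, int):
        if not -(1 << 63) <= obj < (1 << 63):
            raise ValueError("int outside 64-bit range")
        out += b"i" + struct.pack(">q", obj)
    elif isinstance(obj, (str, bytes)):
        raw = obj.encode("utf-8") if isinstance(obj, str) else obj
        _header(out, b"s" if isinstance(obj, str) else b"b", len(raw))
        out += raw
    elif isinstance(obj, (list, tuple, dict)):
        tag = b"l" if isinstance(obj, list) else b"t" if isinstance(obj, tuple) else b"d"
        items = [x for kv in obj.items() for x in kv] if tag == b"d" else obj  # flatten pairs
        _header(out, tag, len(obj))
        for item in items:
            _encode(item, out, depth + 1)
    else:
        raise TypeError("unsupported type " + type(obj).__name__)

class _Reader:
    """Cursor over the input; every read is bounds-checked, so truncated input is a ValueError."""
    def __init__(self, data):
        self.data, self.pos = bytes(data), 0
    def remaining(self):
        return len(self.data) - self.pos
    def take(self, n):
        if n > self.remaining():
            raise ValueError("truncated input at offset %d" % self.pos)
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def length(self):
        n = struct.unpack(">I", self.take(4))[0]
        if n > MAX_LEN:
            raise ValueError("length %d exceeds MAX_LEN" % n)
        return n

def loads(data):
    """Inverse of dumps(); any malformed input raises ValueError."""
    reader = _Reader(data)
    obj = _decode(reader, 0)
    if reader.remaining():
        raise ValueError("%d trailing bytes" % reader.remaining())
    return obj

def _decode(reader, depth):
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    tag = reader.take(1)
    if tag in (b"N", b"T", b"F"):
        return {b"N": None, b"T": True, b"F": False}[tag]
    if tag == b"i":
        return struct.unpack(">q", reader.take(8))[0]
    if tag in (b"s", b"b"):
        raw = reader.take(reader.length())
        return raw.decode("utf-8") if tag == b"s" else raw  # UnicodeDecodeError is a ValueError
    if tag in (b"l", b"t", b"d"):
        n = reader.length() * (2 if tag == b"d" else 1)     # a dict entry is a key and a value
        if n > reader.remaining():                           # every item needs at least its tag byte
            raise ValueError("declared %d items, only %d bytes left" % (n, reader.remaining()))
        items = [_decode(reader, depth + 1) for _ in range(n)]
        if tag == b"d":
            try:
                return dict(zip(items[0::2], items[1::2]))
            except TypeError:                                # list/dict keys are unhashable
                raise ValueError("unhashable dict key") from None
        return items if tag == b"l" else tuple(items)
    raise ValueError("unknown type code %r at offset %d" % (tag, reader.pos - 1))

def truncation_sweep(obj):
    """Fredrik's experiment replayed against this decoder: every prefix of dumps(obj) into loads()."""
    data = dumps(obj)
    counts = {"ok": 0, "rejected": 0}
    for i in range(len(data), -1, -1):
        try:
            loads(data[:i])
            counts["ok"] += 1
        except ValueError:      # the only exception a well-behaved decoder should raise
            counts["rejected"] += 1
    return counts
```

Two things this does not buy you. Fredrik's caveat still holds: MAX_LEN bounds individual fields, not the whole message, so the caller must cap the number of bytes it hands to loads() (a length prefix on the socket, or a read limit). And it is pure Python, nowhere near marshal's C speed, which is exactly the trade the thread is weighing; the point is that a decoder for a fixed set of built-in types can be made to fail only with ValueError, which is what the marshal C code was not yet doing.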
Alan Kennedy wrote: [Irmen de Jong]
Interestingly enough, I just ran across "Flatten": http://sourceforge.net/project/showf...ckage_id=91311
"...which aids in serializing/unserializing networked data securely, without having to fear execution of code or the like."
Sounds promising!
Well, I'm always dubious of OSS projects that don't even have any bugs reported, let alone fixed: no patches submitted, etc, etc.
http://sourceforge.net/tracker/?group_id=82591
Though maybe I'm missing something obvious?
Perhaps the SF trackers are simply not used for that project?
Consider my own project: http://sourceforge.net/tracker/?group_id=18837
I can assure you that I have fixed and applied a huge
amount of bugs and patches during the lifetime of the project.
They are just not entered in the trackers, except for a few.
--Irmen