Pickle trojan security issue, fixed? 

Some time ago, I learned that the pickle module has (had?) a security
issue. See bug report at:
http://www.*-*-*.com/

At the time, when I tried to run the exploit mentioned in the bug report
(exploit:   http://www.*-*-*.com/ )
it went off:


Penguin explodes--boom, you're dead!

However, when I run it with python 2.1.1, I get this:


Traceback (most recent call last):
  File "pickletest.py", line 11, in ?
    pickle.loads(x)
  File "/usr/local/lib/python2.2/pickle.py", line 985, in loads
    return Unpickler(file).load()
  File "/usr/local/lib/python2.2/pickle.py", line 596, in load
    dispatch[key](self)
  File "/usr/local/lib/python2.2/pickle.py", line 781, in load_inst
    raise UnpicklingError('%s is not safe for unpickling' %
pickle.UnpicklingError: __main__.penguin is not safe for unpickling

So, has the security issue been fixed?

This is important for me because my distributed object system Pyro
uses pickle as a wire protocol. Pyro is (was?) vulnerable to the above
mentioned trojan attack because it unpickles arbitrary strings
from a socket.

Irmen

PS. FYI, for Pyro 3.0 it will be possible to choose Gnosis' xml_pickle
as wire protocol instead of pickle. No known security issues with that.



Fri, 12 Nov 2004 04:14:23 GMT  
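The receiver-side fix that the traceback above hints at ("X is not safe for unpickling") can be enforced without trusting any flag the sender sets: override find_class so that only an allow-list of globals resolves. This is an added example, not code from the thread or from Pyro; SAFE_GLOBALS, RestrictedUnpickler and demo() are names assumed for the illustration.

```python
import io
import os
import pickle

# Allow-list of (module, name) pairs a wire message may reference.
# Constructed for this example; a real service lists only the types it ships.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not on the allow-list.

    Every class or function reference in a pickle stream is resolved through
    find_class, so overriding it gives the receiver a single choke point: the
    decision is made before any sender-chosen object is constructed."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "%s.%s is not safe for unpickling" % (module, name))


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() on bytes read from a socket."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    # A plain data payload of the kind an RPC wire message would carry.
    good = pickle.dumps({"method": "ping", "args": (1, 2, 3), "tags": {"a", "b"}})
    result = restricted_loads(good)

    # A payload referencing a callable outside the allow-list. os.getcwd is
    # harmless; the point is that the reference itself is refused, so the
    # receiver never resolves, let alone calls, code the sender picked.
    bad = pickle.dumps(os.getcwd)
    try:
        restricted_loads(bad)
        refused = False
    except pickle.UnpicklingError:
        refused = True
    return result, refused
```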
 Pickle trojan security issue, fixed?

Quote:

> However, when I run it with python 2.1.1, I get this:

Oops, that should have been 2.2.1.

Irmen



Fri, 12 Nov 2004 04:19:59 GMT  