EuroPython 2018

Rehabilitating Pickle

Speaker(s) Alex Willmer

Pickle is a compact serialisation protocol for Python objects. It could be a convenient way for Python programs and distributed systems to communicate. Unfortunately pickle is widely considered to be unsafe, and it has led to several vulnerabilities over the years. As the Python manual warns:

The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.

Does this have to be the case? Can we use Pickle safely?

This talk will be a deep dive into what an attacker can do with a maliciously constructed pickle. I’ll show what defences you can implement against the common attacks, especially those that gain arbitrary code execution. I will present new research into other attacks, and mitigations. Finally I will review a few less known alternatives to pickle.
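The core defence against the arbitrary-code-execution class of attacks the abstract mentions is to stop the unpickler from resolving arbitrary globals: a pickle can only call what `find_class` hands back. The following is an added example, not code from the talk or the speaker, showing a `pickle.Unpickler` subclass that allowlists the few globals an application expects and rejects everything else. The allowlist contents, the `restricted_loads`/`try_load` helper names and the sample payloads are this example's own assumptions; the rejected sample merely references `json.dumps`, a harmless stand-in for any global the application never intended to let a pickle name.

```python
import collections
import io
import json
import pickle

# Hypothetical allowlist: the only (module, name) pairs a pickle may resolve.
# Everything an application actually needs to deserialise should be listed
# explicitly; anything else, including builtins such as eval or exec, is refused.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on SAFE_GLOBALS.

    The pickle opcodes GLOBAL and STACK_GLOBAL both end up in find_class, so
    this single hook is the choke point for every callable a pickle can name.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads that applies the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return (True, obj) on success or (False, reason) when the pickle is rejected."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as err:
        return False, str(err)


# Constructed sample payloads for the demonstration.
# Plain containers need no globals at all, so they load under the allowlist.
SAFE_SAMPLE = pickle.dumps({"user": "alice", "roles": ["admin", "ops"], "n": 3})
# OrderedDict pickles via a reference to collections.OrderedDict, which is allowlisted.
ALLOWLISTED_GLOBAL_SAMPLE = pickle.dumps(collections.OrderedDict(a=1, b=2))
# Pickling a function serialises a reference to it (json.dumps here); nothing is
# called, but the reference is outside the allowlist and must be rejected.
REJECTED_SAMPLE = pickle.dumps(json.dumps)


if __name__ == "__main__":
    for label, payload in [
        ("plain containers", SAFE_SAMPLE),
        ("allowlisted global", ALLOWLISTED_GLOBAL_SAMPLE),
        ("unlisted global", REJECTED_SAMPLE),
    ]:
        print(label, "->", try_load(payload))
```

`find_class` is only the first layer: it blocks the common "reduce to a callable" payloads, but the talk's other attack classes (for example resource exhaustion from deeply nested or oversized pickles) need separate limits on input size and, ideally, a transport that authenticates the sender before any bytes reach the unpickler.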

This talk will expand on a PyLondinium 2018 lightning talk.

Friday 27 July at 12:10 (see schedule)
