Understanding Python Pickle Insecurity


Question

It states in the Python documentation that pickle is not secure and shouldn't parse untrusted user input. If you research this, almost all examples demonstrate this with a system() call via os.system.

What's not clear to me is how os.system is interpreted correctly without the os module being imported.

>>> import pickle
>>> pickle.loads("cos\nsystem\n(S'ls /'\ntR.") # This clearly works.
bin  boot  cgroup  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  selinux  srv  sys  tmp  usr  var
0
>>> dir() # no os module
['__builtins__', '__doc__', '__name__', '__package__', 'pickle']
>>> os.system('ls /')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NameError: name 'os' is not defined
>>> 

Can someone explain?

Recommended answer

The name of the module (os) is part of the opcode, and pickle automatically imports the module:

# pickle.py
def find_class(self, module, name):
    # Subclasses may override this
    __import__(module)
    mod = sys.modules[module]
    klass = getattr(mod, name)
    return klass

Note the __import__(module) line.

The function is called when the GLOBAL 'os system' pickle bytecode instruction is executed.

This mechanism is necessary in order to be able to unpickle instances of classes whose modules haven't been explicitly imported into the caller's namespace.
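
The find_class comment quoted above says subclasses may override it, which is the hook for restricting what a pickle can import. The following Python 3 sketch is an added example, not part of the original answer or of pickle.py: it lists the GLOBAL references in the question's pickle without loading it, then refuses any global outside an allowlist. ALLOWED_GLOBALS, referenced_globals, AllowlistUnpickler and safe_loads are names made up for this illustration.

```python
import io
import pickle
import pickletools

# The pickle from the question, as Python 3 bytes.
QUESTION_PICKLE = b"cos\nsystem\n(S'ls /'\ntR."

# Hypothetical allowlist: the only (module, name) pairs this application expects.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def referenced_globals(data):
    """Return the (module, name) pairs named by GLOBAL opcodes, without loading.

    Protocol 4+ pickles use STACK_GLOBAL, whose names come from the stack and
    are not visible here; the find_class override below still sees those.
    """
    found = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
    return found


class AllowlistUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every global reference, before any import happens.
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")
        return super().find_class(module, name)


def safe_loads(data):
    """Like pickle.loads, but only allowlisted globals can be resolved."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print(referenced_globals(QUESTION_PICKLE))
    try:
        safe_loads(QUESTION_PICKLE)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

The allowlist has to stay narrow: any callable it admits can be invoked by the pickle with arguments the pickle supplies.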
