Python: can I safely unpickle untrusted data?


Question

The pickle module documentation says right at the beginning:

Warning: The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.

However, further down under restricting globals it seems to describe a way to make unpickling data safe using a whitelist of allowed objects.

Does this mean that I can safely unpickle untrusted data if I use a RestrictedUnpickler that allows only some "elementary" types, or are there additional security issues that are not addressed by this method? If there are, is there another way to make unpickling safe (obviously at the cost of not being able to unpickle every stream)?

With "elementary types" I mean precisely the following:

  • bool
  • str, bytes, bytearray
  • int, float, complex
  • tuple, list, dict, set and frozenset
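The kind of RestrictedUnpickler the question is asking about, as an added example that is neither part of the original question nor the Python documentation's own snippet. It allowlists only the builtins that the listed elementary types need in order to be reconstructed, and it shows that the same allowlist refuses a pickle whose reduce call points at os.system. The sample data, the `_Payload` class and the helper names (`restricted_loads`, `rejects`, `roundtrips`) are constructed for this demonstration.

```python
import builtins
import io
import os
import pickle

# Builtins the unpickler may resolve by name. The opcode-native types (None,
# bool, int, float, str, bytes, tuple, list, dict) never reach find_class at
# all; these four are written as a GLOBAL + REDUCE call to their constructor
# (set/frozenset on protocols below 4, bytearray below 5, complex on every
# protocol via copyreg), so they must be allowed for the listed types to load.
# Each of them is harmless no matter what arguments an attacker passes.
SAFE_BUILTINS = frozenset({"set", "frozenset", "bytearray", "complex"})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose by-name global lookups are limited to SAFE_BUILTINS."""

    def find_class(self, module, name):
        # Every by-name global lookup the unpickler performs ends up here.
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data: bytes):
    """Drop-in for pickle.loads() that applies the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True if the restricted loader refuses the stream (nothing is built)."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample covering exactly the elementary types from the question.
SAMPLE = {
    "flag": True,
    "none": None,
    "text": "héllo",
    "raw": b"\x00\xff",
    "buf": bytearray(b"abc"),
    "big": 2 ** 70,
    "x": 1.5,
    "z": 2 + 3j,
    "t": (1, "two", 3.0),
    "l": [1, [2, [3]]],
    "s": {1, 2, 3},
    "fs": frozenset({"a", "b"}),
}


def roundtrips(obj=SAMPLE) -> bool:
    """True if obj survives dumps() + restricted_loads() on protocols 3 and up.
    Protocols 0-2 are refused on purpose: they spell the module '__builtin__'
    and pickle bytes as a call to _codecs.encode, neither of which is allowed,
    so decide up front which protocol range your loader accepts."""
    return all(
        restricted_loads(pickle.dumps(obj, protocol=p)) == obj
        for p in range(3, pickle.HIGHEST_PROTOCOL + 1)
    )


# Legitimate data in an old protocol that the allowlist nevertheless rejects.
LEGACY_BYTES = pickle.dumps(b"x", protocol=2)


class _Payload:
    """Constructed attacker object: loading it with plain pickle.loads() would
    run os.system("echo pwned"). pickle.dumps() only records the call."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


MALICIOUS = pickle.dumps(_Payload(), protocol=pickle.HIGHEST_PROTOCOL)
```

Note what the allowlist buys and what it does not: it blocks the GLOBAL lookup of `os.system` before any REDUCE happens, but every callable left in `SAFE_BUILTINS` can still be invoked with attacker-chosen arguments, which is exactly why only constructors of plain data types belong there.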

Answer

I'd go so far as saying that there is no safe way to use pickle to handle untrusted data.

Even with restricted globals, the dynamic nature of Python is such that a determined hacker still has a chance of finding a way back to the __builtins__ mapping and from there to the Crown Jewels.

See Ned Batchelder's blog posts on circumventing restrictions on eval(), which apply in equal measure to pickle.

Remember that pickle is still a stack language and you cannot foresee all possible objects produced from allowing arbitrary calls even to a limited set of globals. The pickle documentation also doesn't mention the EXT* opcodes that allow calling copyreg-installed extensions; you'll have to account for anything installed in that registry too here. All it takes is one vector allowing an object call to be turned into a getattr equivalent for your defences to crumble.

At the very least use a cryptographic signature to your data so you can validate the integrity. You'll limit the risks, but if an attacker ever managed to steal your signing secrets (keys) then they could again slip you a hacked pickle.

I would instead use an existing innocuous format like JSON and add type annotations; e.g. store data in dictionaries with a type key and convert when loading the data.
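The signing step the answer recommends, as an added example rather than the answerer's code: an HMAC-SHA256 over the pickle bytes is prepended to them and verified with a constant-time comparison, and the bytes reach pickle.loads only after the check passes. `pack`, `unpack`, `signature_valid`, the demo key and the `_Payload` class are this example's own constructions; the last function illustrates the stolen-key caveat from the answer without ever executing the payload.

```python
import hashlib
import hmac
import os
import pickle

_DIGEST = hashlib.sha256
_SIG_LEN = _DIGEST().digest_size   # 32 bytes for SHA-256

# Constructed demo key. In practice it comes from a secret store and is never
# derived from, or shipped alongside, the data it protects.
DEMO_KEY = b"\x13" * 32


def pack(obj, key: bytes) -> bytes:
    """Serialise obj and prefix the pickle with HMAC-SHA256(key, pickle)."""
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    return hmac.new(key, payload, _DIGEST).digest() + payload


def signature_valid(blob: bytes, key: bytes) -> bool:
    """Check the MAC only; nothing is unpickled here."""
    if len(blob) < _SIG_LEN:
        return False
    sig, payload = blob[:_SIG_LEN], blob[_SIG_LEN:]
    expected = hmac.new(key, payload, _DIGEST).digest()
    # compare_digest does not leak the position of the first mismatching byte.
    return hmac.compare_digest(sig, expected)


def unpack(blob: bytes, key: bytes):
    """Verify first, unpickle second: unauthenticated bytes never reach loads."""
    if not signature_valid(blob, key):
        raise ValueError("bad or missing signature: refusing to unpickle")
    return pickle.loads(blob[_SIG_LEN:])


def survives_tampering(obj, key: bytes) -> bool:
    """True if flipping one byte of the pickle is caught before unpickling."""
    blob = bytearray(pack(obj, key))
    blob[-1] ^= 0x01            # corrupt the last byte of the pickle itself
    try:
        unpack(bytes(blob), key)
    except ValueError:
        return True
    return False


class _Payload:
    """Constructed attacker object whose reduce would run os.system on load."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def attacker_holding_key(key: bytes) -> bool:
    """The answer's caveat: a MAC proves who signed, not that the pickle is
    harmless. Returns True if a malicious pickle signed with the stolen key
    verifies; it is deliberately never passed to unpack()."""
    return signature_valid(pack(_Payload(), key), key)
```

The order of operations is the whole point: integrity is checked on the raw bytes, so a forged or corrupted stream is rejected before the unpickler parses a single opcode. Once the key leaks, the check still passes for anything the attacker signs, which is why the answer treats signing as damage limitation rather than a fix.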
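The JSON-with-type-annotations approach the answer proposes, as an added example that is not the answerer's own code: every type from the question's list that JSON cannot carry natively (bytes, bytearray, complex, tuple, set, frozenset, and dicts with non-string keys) is wrapped in an object carrying a `__type__` key, and the decoder can construct only those types, never looking up or importing anything by name. The `__type__` tag, the `dumps_typed`/`loads_typed` names and the `RECORD` sample are assumptions of this example.

```python
import base64
import json

TAG = "__type__"   # marks a wrapped value; plain data dicts never use this key
_CONTAINERS = {"tuple": tuple, "set": set, "frozenset": frozenset}


def to_jsonable(obj):
    """Recursively map the elementary types onto plain JSON data, wrapping the
    ones JSON has no native form for in a {TAG: ..., ...} object."""
    if obj is None or isinstance(obj, (bool, int, float, str)):
        return obj
    if isinstance(obj, (bytes, bytearray)):
        return {TAG: "bytes" if isinstance(obj, bytes) else "bytearray",
                "b64": base64.b64encode(obj).decode("ascii")}
    if isinstance(obj, complex):
        return {TAG: "complex", "re": obj.real, "im": obj.imag}
    if isinstance(obj, list):
        return [to_jsonable(x) for x in obj]
    for name, cls in _CONTAINERS.items():
        if isinstance(obj, cls):
            return {TAG: name, "items": [to_jsonable(x) for x in obj]}
    if isinstance(obj, dict):
        # JSON objects need string keys that do not collide with TAG; any other
        # dict is written as an explicit list of [key, value] pairs.
        if all(isinstance(k, str) and k != TAG for k in obj):
            return {k: to_jsonable(v) for k, v in obj.items()}
        return {TAG: "dict",
                "items": [[to_jsonable(k), to_jsonable(v)] for k, v in obj.items()]}
    raise TypeError(f"{type(obj).__name__} is not one of the elementary types")


def from_jsonable(node):
    """Inverse of to_jsonable. Only the fixed set of tags is honoured, so the
    decoder builds nothing beyond the elementary types."""
    if isinstance(node, list):
        return [from_jsonable(x) for x in node]
    if not isinstance(node, dict):
        return node                      # str, int, float, bool, None
    tag = node.get(TAG)
    if tag is None:
        return {k: from_jsonable(v) for k, v in node.items()}
    if not isinstance(tag, str):
        raise ValueError("type tag must be a string")
    if tag in ("bytes", "bytearray"):
        raw = base64.b64decode(node["b64"], validate=True)
        return raw if tag == "bytes" else bytearray(raw)
    if tag == "complex":
        return complex(node["re"], node["im"])
    if tag in _CONTAINERS:
        return _CONTAINERS[tag](from_jsonable(x) for x in node["items"])
    if tag == "dict":
        return {from_jsonable(k): from_jsonable(v) for k, v in node["items"]}
    raise ValueError(f"unknown type tag {tag!r}")


def dumps_typed(obj) -> str:
    return json.dumps(to_jsonable(obj), separators=(",", ":"))


def loads_typed(text: str):
    """Any structural problem in untrusted input surfaces as ValueError."""
    try:
        return from_jsonable(json.loads(text))
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError(f"malformed typed JSON: {exc}") from None


def is_rejected(text: str) -> bool:
    """True if loads_typed refuses the document."""
    try:
        loads_typed(text)
    except ValueError:
        return True
    return False


# Constructed sample record mixing every type the question lists.
RECORD = {
    "id": 2 ** 70,
    "ok": True,
    "ratio": 1.5,
    "z": 2 + 3j,
    "raw": b"\x00\xff",
    "buf": bytearray(b"abc"),
    "pos": (1, "two", 3.0),
    "tags": frozenset({"a", "b"}),
    "seen": {1, 2, 3},
    "by_key": {1: "a", ("x", 2): "b", "__type__": "data"},
    "nested": [None, [1, [2]]],
}
```

The decoder is the part that matters for safety: a hostile document can only ever produce a ValueError or one of the listed types, because the dispatch is a closed table keyed by tag rather than a lookup of whatever name the input supplies.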
