RFC: Unpickle user defined classes sent from the parent to the child#1342
RFC: Unpickle user defined classes sent from the parent to the child#1342mhartmay wants to merge 2 commits intomitogen-hq:masterfrom
Conversation
…arent -> child It's well known that unpickling data received from an untrusted source is not secure. But since children trust their parents and ancestors, unpickling data received from a parent or ancestor should be supported. Add a test for this use case. Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
The parent has other possibilities than doing attacks via malicious messages. Therefore it's okay to trust the messages from the parents and use unsecure unpickling methods. Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
|
Maybe relevant to #894 |
Very likely, even I can't think of specific methods.
I do not think this conclusion follows from the above premise. What's your use case or motivation for this? |
Hmm can you construct a test case which violates the promise? Do you know how to write code that allows a child context to call a function in the (direct and indirect) parent context using Mitogen? This could make a great addition to the examples in the
It makes the use of Mitogen way more flexible since more complex classes (namedtuple, subprocess.CompletedProcess, ...) and user defined classed could then be used in the guest calls. |
I can't, but I don't think that justifies lifting the current restriction - particularly by default, for everyone. I am already wary of Mitogen's use of pickle in security-critical paths. I'm not the original author, and I don't fully understand the design/model. Hence if we are loosening restrictions I think it is up to us to demonstrate it is not introducing new risks, as opposed to saying we con't think of new risks therefore it must be safe. I might be more open to designs that delegate the decision to end users, but no promises. General background: I've previously investigated pickle weaknesses https://github.com/moreati/pickle-fuzz, and tried to mitgate some of them https://github.com/moreati/pikl. I've prototyped a "Pickling Registry" for Mitogen master...moreati:mitogen:wip-pickling-registry. I try to keep an eye out for new research, https://iyehuda.substack.com/p/we-may-have-finally-fixed-pythons is on my reading list. |
2 participants
The parent has other possibilities than doing attacks via malicious messages.
Therefore it's okay to trust the messages from the parent and use unsecure
unpickling methods for those cases.
Note: I'm not very familiar with this codebase, so we should thoroughly review the changes to ensure they don't introduce any security vulnerabilities.