
Rehabilitating Pickle

Formal Metadata

Title
Rehabilitating Pickle
Number of Parts
132
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this

Content Metadata

Abstract
Pickle is a compact serialisation protocol for Python objects. It could be a convenient way for Python programs and distributed systems to communicate. Unfortunately, pickle is widely considered to be unsafe, and it has led to several vulnerabilities over the years. As the Python manual warns: "The pickle module is not secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source." Does this have to be the case? Can we use pickle safely? This talk will be a deep dive into what an attacker can do with maliciously constructed pickles. I'll show what defences you can implement against the common attacks, especially those that gain arbitrary code execution. I will present new research into other attacks and mitigations. Finally, I will review a few lesser-known alternatives to pickle.