
blog.nelhage.com/2011/03/exploiting-pickle
Preview meta tags from the blog.nelhage.com website.
Linked Hostnames
6
- 5 links to blog.nelhage.com
- 3 links to docs.python.org
- 1 link to buttondown.email
- 1 link to creativecommons.org
- 1 link to nelhage.com
- 1 link to twistedmatrix.com
Search Engine Appearance
Exploiting misuse of Python's "pickle"
If you program in Python, you’re probably familiar with the pickle serialization library, which provides for efficient binary serialization and loading of Python datatypes. Hopefully, you’re also familiar with the warning printed prominently near the start of pickle’s documentation: Warning: The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. Recently, however, I stumbled upon a project that was accepting and unpacking untrusted pickles over the network, and a poll of some friends revealed that few of them were aware of just how easy it is to exploit a service that does this.
General Meta Tags
10
- title: Exploiting misuse of Python's "pickle" - Made of Bugs
- charset: utf-8
- author: Nelson Elhage
- HandheldFriendly: True
- MobileOptimized: 320
Open Graph Meta Tags
6
- og:url: https://blog.nelhage.com/2011/03/exploiting-pickle/
- og:site_name: Made of Bugs
- og:title: Exploiting misuse of Python's "pickle"
- og:description: If you program in Python, you’re probably familiar with the pickle serialization library, which provides for efficient binary serialization and loading of Python datatypes. Hopefully, you’re also familiar with the warning printed prominently near the start of pickle’s documentation: Warning: The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source. Recently, however, I stumbled upon a project that was accepting and unpacking untrusted pickles over the network, and a poll of some friends revealed that few of them were aware of just how easy it is to exploit a service that does this.
- og:locale: en_us
Link Tags
5
- alternate: /atom.xml
- canonical: https://blog.nelhage.com/2011/03/exploiting-pickle/
- icon: /favicon.png
- stylesheet: /css/screen.cb04a9aa990d23e9df1263eae2a975688090c919b2e39168b989799c744ec804.css
- stylesheet: /css/fonts.b428aca6651515b69efbc3270422da34019189b3e6682f16b10e4455d5834152.css
Links
12
- http://creativecommons.org/licenses/by/4.0
- http://docs.python.org/library/pickle.html
- http://docs.python.org/library/pickle.html#object.__reduce__
- http://docs.python.org/library/subprocess.html
- http://twistedmatrix.com