Opened at 2011-01-04T02:13:07Z
Last modified at 2016-04-28T07:52:59Z
#1290 new defect
replace all use of pickles with JSON — at Version 1
| Reported by: | davidsarah | Owned by: | somebody |
|---|---|---|---|
| Priority: | major | Milestone: | undecided |
| Component: | code | Version: | 1.8.1 |
| Keywords: | security pickle json | Cc: | zancas |
| Launchpad Bug: |
Description (last modified by davidsarah)
The pickle format is specific to Python. Loading pickles allows arbitrary code execution (by design) and has been subject to memory corruption bugs.
The security exposure in Tahoe-LAFS is in practice not too bad because we only use pickles as private state, and it could be argued that a storage server has security problems anyway if an attacker can write to the filesystem under its node directory. Still, the potential for memory corruption is not nice.
We currently read and write pickles:
- in PickleStatsGatherer at src/allmydata/stats.py#L245
- in ShareCrawler in src/allmydata/storage/crawler.py
- in LeaseCheckingCrawler (subclass of ShareCrawler) in src/allmydata/storage/expirer.py
- in misc/operations_helpers/cpu-watcher.tac
If all of these uses of pickles were simply replaced with JSON, the state of crawls in progress at the time of the upgrade would be lost. This seems acceptable to me; I don't see any need to support resuming an interrupted crawl from a pickle written by a previous version.
Change History (1)
comment:1 Changed at 2011-01-04T02:19:31Z by davidsarah
- Description modified (diff)
