Opened 17 years ago
Closed 17 years ago
#99 closed defect (fixed)
Use safe and fast serialization format for remctl listvms
| Reported by: | quentin | Owned by: | quentin |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | other | Version: | |
| Keywords: | | Cc: | |
Description (last modified by quentin)
Unpickling is not intended to be secure, according to http://docs.python.org/lib/node314.html. broder suggested replacing it with YAML, which has the additional advantage of being human-readable.
Change History (6)
comment:1 Changed 17 years ago by quentin
"Never unpickle data received *from an untrusted or unauthenticated source.*". In this case, the source *is* authenticated - in both directions, Kerberos protects the pickled data.
comment:2 Changed 17 years ago by andersk
But not necessarily trusted. For example, we may want to control an untested testing dom0 from the secure web interface, and there has been discussion of having separate dom0s for SIPB services and random-student guests. Anyway, it’s better to never trust anything that you don’t need to. Given that unpickling is insecure for a really dumb reason, we might as well replace it with something better.
comment:3 Changed 17 years ago by broder
- Resolution set to fixed
- Status changed from new to closed
comment:4 Changed 17 years ago by quentin
- Description modified (diff)
- Reporter changed from andersk to quentin
- Resolution fixed deleted
- Status changed from closed to reopened
- Summary changed from Replace pickling with YAML to Use safe and fast serialization format for remctl listvms
comment:5 Changed 17 years ago by quentin
- Owner changed from sipb-xen to quentin
- Status changed from reopened to accepted
comment:6 Changed 17 years ago by ecprice
- Resolution set to fixed
- Status changed from accepted to closed
We've used C yaml since r563.
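The property this ticket is about, as an added example that is not part of the ticket or the project's code: a pickle stream can name a callable for the loader to invoke, while a loader that refuses globals, or a data-only format, cannot. `json` stands in here for YAML so the block runs on the standard library alone, and the VM field names are assumptions.

```python
import io
import json
import pickle

# Constructed sample of a VM listing; the field names are assumptions.
SAMPLE_VMS = {"vm-a": {"state": "on", "memory": 512},
              "vm-b": {"state": "off", "memory": 256}}


class CallsOnLoad:
    """Pickles as 'call sorted([3, 1, 2])', a harmless stand-in for any callable."""

    def __reduce__(self):
        return (sorted, ([3, 1, 2],))


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuses every global lookup, so only plain containers and scalars load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def load_data_only(blob):
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def rejected(blob):
    """True when the data-only loader refuses the stream."""
    try:
        load_data_only(blob)
    except pickle.UnpicklingError:
        return True
    return False


def encode_listing(vms):
    # Data-only format: the grammar has no way to name a function or class.
    return json.dumps(vms, sort_keys=True).encode("utf-8")


def decode_listing(blob):
    return json.loads(blob.decode("utf-8"))


if __name__ == "__main__":
    stream = pickle.dumps(CallsOnLoad())
    print(pickle.loads(stream))   # the loader ran sorted(): a list, not a CallsOnLoad
    print(rejected(stream))       # the same stream is refused by the data-only loader
    print(decode_listing(encode_listing(SAMPLE_VMS)) == SAMPLE_VMS)
```

Authentication of the channel does not change the first result: the call happens inside the loader on whatever bytes the peer sent.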