Opened 16 years ago

Closed 16 years ago

#99 closed defect (fixed)

Use safe and fast serialization format for remctl listvms

Reported by: quentin Owned by: quentin
Priority: major Milestone:
Component: other Version:
Keywords: Cc:

Description (last modified by quentin)

Unpickling is not intended to be secure, according to http://docs.python.org/lib/node314.html. broder suggested replacing it with YAML, which has the additional advantage of being human-readable.

Change History (6)

comment:1 Changed 16 years ago by quentin

"Never unpickle data received *from an untrusted or unauthenticated source.*". In this case, the source *is* authenticated - in both directions, Kerberos protects the pickled data.

comment:2 Changed 16 years ago by andersk

But not necessarily trusted. For example, we may want to control an untested testing dom0 from the secure web interface, and there has been discussion of having separate dom0s for SIPB services and random-student guests. Anyway, it’s better to never trust anything that you don’t need to. Given that unpickling is insecure for a really dumb reason, we might as well replace it with something better.

comment:3 Changed 16 years ago by broder

  • Resolution set to fixed
  • Status changed from new to closed

Switch implemented in r550, r551, and r552

comment:4 Changed 16 years ago by quentin

  • Description modified (diff)
  • Reporter changed from andersk to quentin
  • Resolution fixed deleted
  • Status changed from closed to reopened
  • Summary changed from Replace pickling with YAML to Use safe and fast serialization format for remctl listvms

comment:5 Changed 16 years ago by quentin

  • Owner changed from sipb-xen to quentin
  • Status changed from reopened to accepted

comment:6 Changed 16 years ago by ecprice

  • Resolution set to fixed
  • Status changed from accepted to closed

We've used C yaml since r563.

Note: See TracTickets for help on using tickets.