Opened 17 years ago
Last modified 17 years ago
#99 closed defect
Use safe and fast serialization format for remctl listvms — at Version 4
| Reported by: | quentin | Owned by: | sipb-xen |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | other | Version: | |
| Keywords: | Cc: |
Description (last modified by quentin)
Unpickling is not intended to be secure, according to http://docs.python.org/lib/node314.html. broder suggested replacing it with YAML, which has the additional advantage of being human-readable.
Change History (4)
comment:1 Changed 17 years ago by quentin
comment:2 Changed 17 years ago by andersk
But not necessarily trusted. For example, we may want to control an untested testing dom0 from the secure web interface, and there has been discussion of having separate dom0s for SIPB services and random-student guests. Anyway, it’s better to never trust anything that you don’t need to. Given that unpickling is insecure for a really dumb reason, we might as well replace it with something better.
comment:3 Changed 17 years ago by broder
- Resolution set to fixed
- Status changed from new to closed
comment:4 Changed 17 years ago by quentin
- Description modified (diff)
- Reporter changed from andersk to quentin
- Resolution fixed deleted
- Status changed from closed to reopened
- Summary changed from Replace pickling with YAML to Use safe and fast serialization format for remctl listvms
Note: See
TracTickets for help on using
tickets.
"Never unpickle data received *from an untrusted or unauthenticated source.*". In this case, the source *is* authenticated - in both directions, Kerberos protects the pickled data.