Explore the security implications and potential rehabilitation of Python's Pickle serialization protocol in this 30-minute EuroPython 2018 conference talk. Dive deep into the vulnerabilities associated with Pickle, learn about common attacks and their defenses, and discover new research on potential threats and mitigations. Gain insights into implementing safe usage practices, understand the risks of arbitrary code execution, and explore less-known alternatives to Pickle. Examine benchmarks, self-referencing pickles, and use cases while considering the possibility of a more secure "Pickle Lite" implementation.
Overview
Syllabus
Intro
Backstory
Using mitogen with ansible
Running ansible with mitogen
What is Pickle
Advantages
Standard Advice
Documentation
Remote code execution
Ricks Pickle
Standard Mitigation
Other Attacks
Benchmarking
Selfreferencing pickles
Unpicking pickles
Use case
Pickle Lite
Taught by
EuroPython Conference
