This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author lemburg
Recipients alexandre.vassalotti, belopolsky, exarkun, lemburg, pitrou
Date 2010-08-02.14:05:42
SpamBayes Score 0.000244876
Marked as misclassified No
Message-id <4C56D0B5.1010106@egenix.com>
In-reply-to <1280757127.38.0.605114529509.issue9276@psf.upfronthosting.co.za>
Content 
Jean-Paul Calderone wrote:
> 
> Jean-Paul Calderone <exarkun@twistedmatrix.com> added the comment:
> 
> For example:
> 
> exarkun@boson:~$ python
> Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15) 
> [GCC 4.4.1] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
>>>> class x(object):
> ...     def __reduce__(self):
> ...         import os
> ...         return os.system, ('echo "Hello from sploitland"',)
> ... 
>>>> import pickle
>>>> pickle.loads(pickle.dumps(x()))
> Hello from sploitland
> 0

But here you are not transferring malicious code in the pickle
string, you are just triggering the execution of such code that
you already have (and are in control of).

Without the definition of class x on the receiving side, there
would be no exploit.

By adding support for pickling code objects, you'd make it possible
to place the definition of class x into the pickle string and
you would no longer be in control of that code.
History
Date User Action Args
2010-08-02 14:05:50lemburgsetrecipients: + lemburg, exarkun, belopolsky, pitrou, alexandre.vassalotti
2010-08-02 14:05:43lemburglinkissue9276 messages
2010-08-02 14:05:43lemburgcreate