[issue9276] pickle should support methods

Marc-Andre Lemburg report at bugs.python.org
Mon Aug 2 16:05:49 CEST 2010


Marc-Andre Lemburg <mal at egenix.com> added the comment:

Jean-Paul Calderone wrote:
> 
> Jean-Paul Calderone <exarkun at twistedmatrix.com> added the comment:
> 
> For example:
> 
> exarkun at boson:~$ python
> Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15) 
> [GCC 4.4.1] on linux2
> Type "help", "copyright", "credits" or "license" for more information.
> >>> class x(object):
> ...     def __reduce__(self):
> ...         import os
> ...         return os.system, ('echo "Hello from sploitland"',)
> ... 
> >>> import pickle
> >>> pickle.loads(pickle.dumps(x()))
> Hello from sploitland
> 0

But here you are not transferring malicious code in the pickle
string, you are just triggering the execution of such code that
you already have (and are in control of).

Without the definition of class x on the receiving side, there
would be no exploit.

By adding support for pickling code objects, you'd make it possible
to place the definition of class x into the pickle string and
you would no longer be in control of that code.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9276>
_______________________________________
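
Added example, not part of the original message or of the Python project's code: a Python 3 sketch that lists the globals a pickle names without loading it, then loads through an allow-listing `find_class`. The input is a constructed copy of the `__reduce__` class from the quoted session; the names `X`, `referenced_globals`, `ALLOWED`, `AllowListUnpickler` and `safe_loads` are assumptions made for this example.

```python
import io
import os
import pickle
import pickletools

class X(object):
    # Constructed sample with the same __reduce__ as class x in the quoted session.
    def __reduce__(self):
        return os.system, ('echo "Hello from sploitland"',)

def referenced_globals(data):
    """List (module, name) pairs a pickle asks the loader to import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":          # protocols 0-3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":  # protocol 4+: module and name pushed as strings
            # Heuristic: take the last two strings seen; memo lookups are not followed.
            found.append(tuple(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

# Assumed allow-list for this example; a real one lists only the types the application expects.
ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

class AllowListUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called when the stream names a global, before that global can be called.
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError("blocked global %s.%s" % (module, name))
        return super().find_class(module, name)

def safe_loads(data):
    return AllowListUnpickler(io.BytesIO(data)).load()

if __name__ == "__main__":
    data = pickle.dumps(X())   # dumps() only records the callable; nothing is run
    print(referenced_globals(data))
    try:
        safe_loads(data)
    except pickle.UnpicklingError as exc:
        print("refused:", exc)
```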

