Python pickle vulnerability - Python

chroniccommand

So I was playing around with the pickle module and found something....interesting. Take a look at this code:

#!/usr/bin/python

import sys, pickle, os

cmd = '/bin/sh'
out = open('file&#46;pkl', 'wb')
pickle&#46;dump(cmd, out)
out&#46;close()

file = open('file&#46;pkl', 'rb')
data = pickle&#46;load(file)
file&#46;close()

os&#46;system(data)

For those of you who don't know what's going on, I'll explain:
cmd holds the value '/bin/sh'(A *nix shell). Then we open file.pkl with write permissions. Then we dump cmd into the file and close the file. After that we open with read permissions. Then we load whatever is in the file. Then we use os.system() to execute it. When it's executed I get a shell. What's more, if I put a suid flag on it and execute it it gives me a root shell. I researched it a bit more and it's because a pickle file is not structured or readable enough to sanitize, and arbitrary code can be executed while unpickling. Just figured I'd share here if anybody has some evil ideas with any python code ;)

sangf

and arbitrary code can be executed while unpickling

i'm confused, are you saying arbitrary code can be involuntarily executed when loading in the pickle'd file? or just by using the system function? also cpickle > pickle, just saying.

chroniccommand

said:

and arbitrary code can be executed while unpickling

i'm confused, are you saying arbitrary code can be involuntarily executed when loading in the pickle'd file? or just by using the system function? also cpickle > pickle, just saying.

I'm saying if a python code is really shitty you can pickle a file yourself that executes commands. That is of course if the program executes commands that are in the pickle file.

Howdy, Stranger!

Top Posters

Who's Online (3)