
Restrict pickle loading to known classes #261

Closed
wants to merge 1 commit into from

Conversation

@clefebvre
Member

clefebvre commented Oct 3, 2019

pickle.loads is unsafe:

https://github.com/Andhrimnirr/Mintinstall-object-injection
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17080

This PR fixes the documented exploit, but I don't think it is good enough.

Could the hacker (well, the user in this example) go as far as overriding our class names within the cache file and injecting os.system() calls inside their init()?

Shall we just move our cache to something static like JSON?

@mtwebster @Andhrimnirr

@clefebvre clefebvre force-pushed the pickle-restrict branch from d08fd29 to 429afdb Oct 3, 2019
@clefebvre
Member Author

clefebvre commented Oct 3, 2019

I'm trying to find examples where this wouldn't be enough... but most exploits I find are using eval, os, subprocess... By forbidding anything outside our own reviews module we might be OK.

Also worth noting there's another use of pickle we need to fix in mint-common. Same issue there.
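What the restriction proposed in this PR buys, where it stops, and what the JSON cache asked about above would look like, as an added Python example written for this page (it is not mintinstall's code; the `Review` class, the one-entry allowlist, the cache layout and the 0..5 score range are assumptions):

```python
"""Added example (not mintinstall's code): what "restrict pickle loading to
known classes" buys, where it stops, and what the JSON alternative looks like.
The Review class, the cache layout and the 0..5 score range are assumptions."""
import io
import json
import os
import pickle


class Review:
    """Stand-in for a cached review record (assumed name; the project's real
    class is not shown on this page)."""

    def __init__(self, score: int, comment: str):
        self.score = score
        self.comment = comment


# Allowlist keyed by the (module, qualname) pair that find_class receives.
# Building it from the class object keeps it correct however this file is imported.
ALLOWED_GLOBALS = {(Review.__module__, Review.__qualname__): Review}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every GLOBAL / STACK_GLOBAL lookup that is not allowlisted.

    A pickle stream carries no code, only *names* of callables to invoke, so
    os.system, subprocess.Popen, builtins.eval and friends must all pass
    through find_class as (module, name) pairs. Rejecting unknown pairs blocks
    the whole family of "reduce to a dangerous callable" payloads.
    """

    def find_class(self, module, name):
        try:
            return ALLOWED_GLOBALS[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(
                f"global '{module}.{name}' is not permitted in the cache") from None


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify(data: bytes) -> str:
    """'ok' if the restricted loader accepts the bytes, 'rejected' otherwise."""
    try:
        restricted_loads(data)
        return "ok"
    except pickle.UnpicklingError:
        return "rejected"


# --- constructed inputs (attacker-side, built here for the demonstration) ---

class _Exploit:
    """Constructed attacker object: a plain pickle.loads of its pickle would
    run os.system("echo pwned"). It is never passed to pickle.loads here."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def exploit_pickle() -> bytes:
    return pickle.dumps(_Exploit())


def good_pickle() -> bytes:
    return pickle.dumps(Review(4, "fine"))


def tampered_pickle() -> bytes:
    """Constructed: an allowlisted class with attacker-chosen state. No
    __init__ runs on load (NEWOBJ + BUILD) and find_class never sees the
    contents, so this is accepted unchanged: the restriction is not validation."""
    r = Review.__new__(Review)
    r.__dict__ = {"score": "not-an-int", "comment": {"nested": ["junk"]}}
    return pickle.dumps(r)


# --- the JSON alternative ----------------------------------------------------

def dump_json_cache(reviews) -> str:
    return json.dumps([{"score": r.score, "comment": r.comment} for r in reviews])


def load_json_cache(text: str):
    """json.loads can only yield dict/list/str/int/float/bool/None, never a
    callable, so the code-execution question goes away. What remains is the
    validation pickle never gave us: check every field before building objects."""
    raw = json.loads(text)
    if not isinstance(raw, list):
        raise ValueError("cache root must be a list")
    reviews = []
    for entry in raw:
        if not isinstance(entry, dict) or set(entry) != {"score", "comment"}:
            raise ValueError("malformed review entry")
        score, comment = entry["score"], entry["comment"]
        # bool is a subclass of int, so exclude it explicitly
        if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 5:
            raise ValueError("score must be an int in 0..5 (assumed range)")
        if not isinstance(comment, str):
            raise ValueError("comment must be a string")
        reviews.append(Review(score, comment))
    return reviews


def json_cache_is_valid(text: str) -> bool:
    try:
        load_json_cache(text)
        return True
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        return False


if __name__ == "__main__":
    print("exploit pickle :", classify(exploit_pickle()))    # rejected
    print("tampered pickle:", classify(tampered_pickle()))   # ok (accepted!)
    print("tampered json  :", json_cache_is_valid('[{"score": "x", "comment": "c"}]'))  # False
```

The find_class allowlist answers the question about injected `os.system()` calls: a pickle file cannot carry a class body or an `__init__`, only references to callables that already exist in the process, and every such reference goes through `find_class`. What it does not do is look at the state loaded into an allowlisted object, which is why the tampered pickle is accepted; a JSON cache with field-by-field validation covers that as well.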

@clefebvre
Member Author

clefebvre commented Oct 4, 2019

Superseded by #262

@clefebvre clefebvre closed this Oct 4, 2019
@clefebvre clefebvre deleted the pickle-restrict branch Oct 4, 2019