Skip to content

Add pty to unsafeimports #108

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add pty to unsafeimports #108

wants to merge 2 commits into from

Conversation

@ajohnston9
Copy link

@ajohnston9 ajohnston9 commented May 30, 2024
edited
Loading

The following code produces a pickle file that fickling fails to detect as malicious:

import pickle
import pickletools

payload = b'''(cpty\nspawn\nS"id"\no.'''
pickletools.dis(payload, annotate=1)

with open('pwn.pkl', 'wb') as f:
    f.write(payload)

This is because this technique uses pty and does not leave _var0 unused. This PR adds pty to unsafe_imports as a quick fix to ensure the primitive behind this technique is detected.

@ajohnston9 ajohnston9 requested a review from ESultanik as a code owner May 30, 2024 21:42
@CLAassistant
Copy link

CLAassistant commented May 30, 2024
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ ajohnston9
❌ Andrew Johnston

Andrew Johnston seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

ESultanik
ESultanik approved these changes May 31, 2024
View reviewed changes
Copy link
Collaborator

@ESultanik ESultanik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, thanks! It'd be nice to have a unit test to confirm that we now catch this attack, but we can add that after this PR is merged. Once you sign the CLA we can merge.

@ajohnston9
Copy link
Author

ajohnston9 commented Jun 20, 2024

I've added a relevant test and signed the CLA! Let me know if there's anything else I can do.

woodruffw
woodruffw reviewed Jun 20, 2024
View reviewed changes
test/test_hook.py

try:
numpy.load("unsafe.pickle", allow_pickle=True)
numpy.load("unsafe_pty.pickle", allow_pickle=True)
Copy link
Contributor

@woodruffw woodruffw Jun 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be missing something, but shouldn't this be in its own test/try-except block at a minimum? I believe as-is the first line will always trip the exception, so this will never be tested.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ESultanik ESultanik ESultanik approved these changes

+1 more reviewer

@woodruffw woodruffw woodruffw left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ajohnston9 @CLAassistant @woodruffw @ESultanik