Spoiler: I’ve emailed security@python.org and they told me that it’s not a security issue so I feel free to create a public discussion here.
Vulnerable packages: PythonV3 (latest) and PythonV2 (latest)
Example1:
- mkdir /tmp/test
- cd /tmp/test
- echo 'print("hacked")' > readline.py
- python (version 3, no arguments)
- you will see result of step №3.
Example2:
- mkdir /tmp/test
- cd /tmp/test
- echo 'print("hacked")' > rlcompleter.py
- python (version 3, no arguments)
- you will see result of step №3.
Example3:
- mkdir /tmp/test
- cd /tmp/test
- echo 'print("hacked")' > runpy.py
- python -m pip (version 3)
- you will see result of step №3.
Proof-of-concepts:
(I am a new user, so I can’t add more than 1 embedded image and not more than 2 links.) You can check another PoC here:
https://i.ibb.co/s3qvFvS/photo-2021-10-13-17-45-16.jpg
Description:
This allows a hacker to execute arbitrary Python code if another user runs the python command in a certain directory. So, for example, USER1 creates runpy.py with malicious code inside the /tmp/ folder. USER2 switches the current directory to /tmp/ and runs “python3 -m pip install test_package_name”, and this command triggers the malicious code of the first user.
Full list of files:
# trying /tmp/py3/runpy.py
# trying /tmp/py3/readline.cpython-39-x86_64-linux-gnu.so
# trying /tmp/py3/readline.abi3.so
# trying /tmp/py3/readline.so
# trying /tmp/py3/readline.py
# trying /tmp/py3/readline.pyc
# trying /tmp/py3/rlcompleter.cpython-39-x86_64-linux-gnu.so
# trying /tmp/py3/rlcompleter.abi3.so
# trying /tmp/py3/rlcompleter.so
# trying /tmp/py3/rlcompleter.py
Security@python.org answered (short fragment):
> The issue that you are talking about is described as a feature, not a
> vulnerability.
> . . .
> No longer adding the current directory to sys.path has been discussed
> multiple times, but so far, it remains the default behavior.
But I think that it’s not a problem with sys.path. It’s a problem with the Python core, which, for some reason, started to import its core files from the current directory, not the Python installed path.
Also about “feature, not bug”: there is no information in the documentation saying that the Python interpreter will run readline.py, rlcompleter.py and other files from the current directory by default. So, if a “feature” is not documented and can cause security problems, it’s a security issue. In this case, this feature leads to a library injection vulnerability.
And one last thing, my reply from the email about isolation mode:
> Yes, maybe it can be fixed by isolation mode, but without isolated
> mode it looks like unpredictable behavior which leads to a security
> issue inside the Python core, which for some reason starts to load these
> files from the current directory.
Full email history:
https://drive.google.com/file/d/1i5YkOkxwpI2edxQ3yY_69K3F72iNWr2R/view
I will follow this topic, so feel free to ask for more information about this “feature”.
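
A defensive check for the behaviour discussed in this post, as an added example that is not part of the original post or of CPython: it lists entries in a directory that would be imported in place of a standard library module when that directory comes first on sys.path. The helper names (`module_name`, `find_shadowing`, `cwd_is_searched`, `demo`) are illustrative, and the full name list relies on `sys.stdlib_module_names`, which is available on Python 3.10 and later.

```python
import os
import sys
import tempfile
from importlib.machinery import all_suffixes

# Added example; names are illustrative. The post's three names, plus the
# whole standard library where sys.stdlib_module_names exists (3.10+).
STDLIB_NAMES = {"readline", "rlcompleter", "runpy"} | set(
    getattr(sys, "stdlib_module_names", ()))


def module_name(entry):
    """Return the module name a file imports as (longest suffix wins), or None."""
    for suffix in sorted(all_suffixes(), key=len, reverse=True):
        if entry.endswith(suffix):
            return entry[: -len(suffix)]
    return None


def find_shadowing(directory):
    """List entries (files or packages) that shadow a standard library module."""
    hits = []
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        if os.path.isdir(path):
            has_init = os.path.isfile(os.path.join(path, "__init__.py"))
            name = entry if has_init else None
        else:
            name = module_name(entry)
        if name in STDLIB_NAMES:
            hits.append(entry)
    return hits


def cwd_is_searched(path=None):
    """True when the given path list (default sys.path) names the working directory."""
    path = sys.path if path is None else path
    return any(os.path.abspath(p) == os.getcwd() for p in path)


def demo():
    """Constructed sample: a scratch directory holding one shadowing file."""
    with tempfile.TemporaryDirectory() as d:
        for fname in ("runpy.py", "notes.txt", "myscript.py"):
            open(os.path.join(d, fname), "w").close()
        return find_shadowing(d)


if __name__ == "__main__":
    print(find_shadowing(os.getcwd()), cwd_is_searched())
```

Running the interpreter in isolated mode (`python -I`), which the email exchange mentions, keeps the working directory off sys.path.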