oss-sec mailing list archives
Re: sagemath denial of service with abort() in gmp: overflow in mpz type
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 6 Sep 2022 08:45:28 -0400
On Tue, Sep 6, 2022 at 7:52 AM Jeremy Stanley <fungi () yuggoth org> wrote:

> On 2022-09-06 08:47:58 +0300 (+0300), Georgi Guninski wrote:
> [...]
> > sagemath gives access to the python interpreter, so code
> > execution is trivial.
> [...]
>
> I'm not familiar with sagemath, but is it intended to protect
> against such cases? Note that even if all it does is pass
> expressions into CPython's eval(), it's pretty much impossible to
> guard against misuse without completely sandboxing the underlying
> processes. Denial of service scenarios are really the least of
> worries in that case. Many articles have been written over the years
> about this, though one of the more recent and thorough ones is:
>
> https://netsec.expert/posts/breaking-python3-eval-protections/

One of the problems with GMP is, it will crash instead of returning failure. The problem becomes more acute if the program using GMP is handling sensitive information, like a private key or passphrase. The sensitive material can be written to a dump file and can be sent to an error reporting service.

So there's a DoS in the app, and a possible egress of sensitive information outside the app's security boundary. It is not clear to me whether that is happening in this instance, though.

Stepping back a bit, the GMP library is setting a policy for an application. That is, GMP is setting the policy of "crash instead of fail." An application should set their policy, not libraries. Apps are in the position to determine strategy they need, not libraries. Libraries know nothing about an application's security requirements or strategy.

Jeff
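
An added example, not part of the original post and not code from GMP or sagemath: one way an application can keep its own failure policy around a library call that aborts, by running the call in a child process with core dumps disabled and mapping a fatal signal to an error code. `lib_bignum_op`, `contained_bignum_op`, the `OP_*` codes and the 1024-bit limit are hypothetical stand-ins.

```c
#include <signal.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

enum { OP_OK = 0, OP_FAILED = 1, OP_CRASHED = 2 };

/* Hypothetical stand-in for a bignum call that aborts on overflow,
   the behaviour this thread describes for GMP's mpz type. */
static int lib_bignum_op(unsigned long bits)
{
    if (bits > 1024UL)          /* constructed limit, for the demo only */
        abort();
    return 0;
}

/* Run the call in a child with core dumps disabled and turn a fatal
   signal in the child into an error code the caller can act on. */
int contained_bignum_op(unsigned long bits)
{
    pid_t pid = fork();
    if (pid < 0)
        return OP_FAILED;
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        if (setrlimit(RLIMIT_CORE, &no_core) != 0)
            _exit(OP_FAILED);   /* refuse to run if dumps stay enabled */
#ifdef __linux__
        /* Also covers piped core handlers, which may ignore RLIMIT_CORE. */
        if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
            _exit(OP_FAILED);
#endif
        _exit(lib_bignum_op(bits) == 0 ? OP_OK : OP_FAILED);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return OP_FAILED;
    if (WIFSIGNALED(status))
        return OP_CRASHED;      /* e.g. SIGABRT: child died, parent lives */
    return WIFEXITED(status) ? WEXITSTATUS(status) : OP_FAILED;
}

int main(void)
{
    return (contained_bignum_op(64) == OP_OK &&
            contained_bignum_op(1UL << 20) == OP_CRASHED) ? 0 : 1;
}
```

Secrets still have to stay out of the child's address space, or be wiped before the call, for the containment to limit what a crash can expose.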