oss-sec mailing list archives
Re: sagemath denial of service with abort() in gmp: overflow in mpz type
From: Jeremy Stanley <fungi () yuggoth org>
Date: Tue, 6 Sep 2022 11:50:10 +0000
On 2022-09-06 08:47:58 +0300 (+0300), Georgi Guninski wrote:
[...]
> sagemath gives access to the python interpreter, so code execution is trivial.
[...]

I'm not familiar with sagemath, but is it intended to protect against such cases? Note that even if all it does is pass expressions into CPython's eval(), it's pretty much impossible to guard against misuse without completely sandboxing the underlying processes. Denial of service scenarios are really the least of worries in that case.

Many articles have been written over the years about this, though one of the more recent and thorough ones is:

https://netsec.expert/posts/breaking-python3-eval-protections/

If it's not trying to prevent getting access to do all the things the interpreter can do outside sagemath as well, then I hardly see this as a vulnerability (any more than "CPython interpreter allows execution of arbitrary Python code" would be, at any rate).

--
Jeremy Stanley
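Added example, not part of the original message and not SageMath code: a minimal sketch of moving eval() into a child process with resource limits, so that an abort() or runaway computation ends the child instead of the calling service. It assumes Linux/POSIX; `run_isolated` and its parameters are hypothetical names, and `os.abort()` stands in for the GMP abort discussed in the thread. This contains crashes and resource exhaustion only: the child still runs arbitrary Python with the caller's file and network access, which takes OS-level sandboxing to restrict.

```python
import resource
import signal
import subprocess
import sys

# The child evaluates one expression read from stdin; whatever it breaks is its own process.
CHILD = "import sys; print(repr(eval(sys.stdin.read())))"

def _cap(res, value):
    """Lower soft and hard limit together, never asking above the current hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))

def _apply_limits(cpu_seconds, mem_bytes):
    _cap(resource.RLIMIT_CPU, cpu_seconds)  # runaway computation is killed by the kernel
    _cap(resource.RLIMIT_AS, mem_bytes)     # oversized allocations fail inside the child
    _cap(resource.RLIMIT_CORE, 0)           # abort() leaves no core file behind

def run_isolated(expr, cpu_seconds=2, mem_bytes=512 * 2**20, wall_seconds=5):
    """Return (status, detail); status is 'ok', 'error', 'signal' or 'timeout'."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", CHILD],
            input=expr, capture_output=True, text=True, timeout=wall_seconds,
            preexec_fn=lambda: _apply_limits(cpu_seconds, mem_bytes),
        )
    except subprocess.TimeoutExpired:
        return ("timeout", "")
    if proc.returncode < 0:
        # Negative return code: the child died from a signal (e.g. SIGABRT).
        return ("signal", signal.Signals(-proc.returncode).name)
    if proc.returncode == 0:
        return ("ok", proc.stdout.strip())
    lines = proc.stderr.strip().splitlines()
    return ("error", lines[-1] if lines else "")

if __name__ == "__main__":
    print(run_isolated("2**10"))                     # normal result
    print(run_isolated("__import__('os').abort()"))  # child aborts, parent keeps running
```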