oss-sec mailing list archives

Re: sagemath denial of service with abort() in gmp: overflow in mpz type


From: Jeremy Stanley <fungi () yuggoth org>
Date: Tue, 6 Sep 2022 11:50:10 +0000

On 2022-09-06 08:47:58 +0300 (+0300), Georgi Guninski wrote:
> [...]
> sagemath gives access to the python interpreter, so code execution
> is trivial.
> [...]

I'm not familiar with sagemath, but is it intended to protect
against such cases? Note that even if all it does is pass
expressions into CPython's eval(), it's pretty much impossible to
guard against misuse without completely sandboxing the underlying
processes. Denial of service scenarios are really the least of
worries in that case. Many articles have been written over the years
about this, though one of the more recent and thorough ones is:
https://netsec.expert/posts/breaking-python3-eval-protections/

If it's not trying to prevent getting access to do all the things
the interpreter can do outside sagemath as well, then I hardly see
this as a vulnerability (any more than "CPython interpreter allows
execution of arbitrary Python code" would be, at any rate).
-- 
Jeremy Stanley
