oss-sec mailing list archives

Re: sagemath denial of service with abort() in gmp: overflow in mpz type


From: Michael Orlitzky <michael () orlitzky com>
Date: Tue, 06 Sep 2022 08:31:12 -0400

On Tue, 2022-09-06 at 11:50 +0000, Jeremy Stanley wrote:
> On 2022-09-06 08:47:58 +0300 (+0300), Georgi Guninski wrote:
> [...]
>> sagemath gives access to the python interpreter, so code execution
>> is trivial.
> [...]
>
> I'm not familiar with sagemath, but is it intended to protect
> against such cases? Note that even if all it does is pass
> expressions into CPython's eval(), it's pretty much impossible to
> guard against misuse without completely sandboxing the underlying
> processes. Denial of service scenarios are really the least of
> worries in that case.

That's about right. Sage does provide a web-based notebook interface,
but the bottom line is that crashing is one of the nicer things you can
ask it to do if it will execute your commands.


