Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 6 Sep 2022 11:50:10 +0000
From: Jeremy Stanley <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: Re: sagemath denial of service with abort() in gmp:
 overflow in mpz type

On 2022-09-06 08:47:58 +0300 (+0300), Georgi Guninski wrote:
[...]
> sagemath gives access to the python interpreter, so code execution
> is trivial.
[...]

I'm not familiar with sagemath, but is it intended to protect
against such cases? Note that even if all it does is pass
expressions into CPython's eval(), it's pretty much impossible to
guard against misuse without completely sandboxing the underlying
processes. Denial of service scenarios are really the least of
worries in that case. Many articles have been written over the years
about this, though one of the more recent and thorough ones is:
https://netsec.expert/posts/breaking-python3-eval-protections/

If it's not trying to prevent getting access to do all the things
the interpreter can do outside sagemath as well, then I hardly see
this as a vulnerability (any more than "CPython interpreter allows
execution of arbitrary Python code" would be, at any rate).
-- 
Jeremy Stanley

Download attachment "signature.asc" of type "application/pgp-signature" (964 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.