Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 06 Sep 2022 08:31:12 -0400
From: Michael Orlitzky <michael@...itzky.com>
To: oss-security@...ts.openwall.com
Subject: Re: sagemath denial of service with abort() in gmp:
 overflow in mpz type

On Tue, 2022-09-06 at 11:50 +0000, Jeremy Stanley wrote:
> On 2022-09-06 08:47:58 +0300 (+0300), Georgi Guninski wrote:
> [...]
> > sagemath gives access to the python interpreter, so code execution
> > is trivial.
> [...]
> 
> I'm not familiar with sagemath, but is it intended to protect
> against such cases? Note that even if all it does is pass
> expressions into CPython's eval(), it's pretty much impossible to
> guard against misuse without completely sandboxing the underlying
> processes. Denial of service scenarios are really the least of
> worries in that case.

That's about right. Sage does provide a web-based notebook interface,
but the bottom line is that crashing is one of the nicer things you can
ask it to do if it will execute your commands.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.