By Jake Edge
March 4, 2009
A sandbox (or restricted execution) environment for a programming language
can be a useful feature to
allow untrusted users access to much of the language while restricting
the "dangerous" operations. Some languages, notably Java, were designed to
support sandboxes from the outset. Others, like Python, have a variety of
possible sandbox solutions, but the core language doesn't support that
functionality. A movement is afoot to change that
for Python by reviving "restricted
mode".
Guido van Rossum raised the subject on the
python-dev mailing list, which started a conversation about the
requirements for such a mode. It turns out that the interested party, who
goes by the name "Tav", would like to be able to run untrusted code within
applications in Google's App
Engine. In particular, he would like to be able to allow untrusted
code to access additional functionality by way of closures. But, because
of the introspection features of Python, a closure object could be used
to circumvent any access restrictions.
The example Tav uses in his App
Engine feature request is instructive:
def _get_blog_posts(db, current_user):
def get_blog_posts():
"""Return Blog posts by the current user."""
return db.get('BlogPost').filter('user =', current_user)
return get_blog_posts
__builtins__['get_blog_posts'] = _get_blog_posts(db, 'tav@espians.com')
This would allow untrusted code to access the database in a constrained
manner, in this case only returning data for one particular user. But, by
peering inside of the
get_blog_posts object, a malicious user could
access the
db object. That would allow access to any data that is
stored in the database.
So, at some level, Tav, van Rossum, and others are trying to create a
restricted mode that limits the introspection so that untrusted code cannot
access attributes that "leak" information from the trusted code. This is a
fairly limited definition of a sandbox, as it relies on App Engine (or
other, such as PyPy
sandbox) safeguards to prevent things like system call access or
problems caused by interpreter segmentation faults. For this exercise,
those problems are explicitly defined away.
The real goal, as outlined
in Tav's blog, is to be able to provide more expressive templating for
users of App Engine applications:
Web applications like Blogger don't allow users to customise their blogs
using a rich language. Instead they have a proprietary templating system
which for the most part is just variable substitution.
Imagine instead if you could let your users use a templating language like
Genshi. Users could have the full
expresivity of the Python language to
generate the output they want.
The problem with letting users do that today is that they would be able to
use it to get at the rest of your application and start doing evil things
to your database.
In order to test his ideas about how to approach this problem, Tav issued a challenge to Python developers to
break his restricted FileReader object such that one could write a file to
the filesystem. It was only a few hours before a simple crack was posted, but, unlike other challenges
of this sort, Tav seemed delighted, rather than defeated, by what was
found. His environment essentially removed access to certain attributes
that are normally associated with an object. In essence, the challenge was
to find more attributes which needed to be added to his list.
A second version
of the challenge was posted to his blog, along with a running tally of
exploits that had been found and fixed. It is an interesting exercise that
Python developers seem to be having fun with. The problem with the
approach is that it relies on blacklists, as Victor Stinner, who also found
the first exploit, points out. A whitelist
approach is likely to be better; choosing which attributes are safe to use,
rather than removing those that are found to be unsafe.
Tav has posted a patch to the Python
core that implements his method into the language proper as suggested by
van Rossum. Given that van Rossum, as Python lead and Google employee, is
uniquely positioned to effect these changes, his promise
to "give it serious consideration,
both for inclusion in core Python and for App Engine" would seem to
carry a lot of weight.
While it is not a complete solution to the sandboxing problem, Tav's work
will help Python applications that already run in somewhat restricted
environments. After all, from App Engine's perspective, all of the code
that it gets is untrusted, so it must provide the safeguards against
exploits of the underlying operating system by way of crashes or system
calls. Tav's code would then allow App Engine user applications to run
their own untrusted code.
This could be a solution for other programs that want to run untrusted
Python code as well. The Battle for
Wesnoth
has support for AIs written in Python, but there have been some security
concerns about users grabbing random, perhaps malicious, AI code. This
change to the Python core, perhaps coupled with a PyPy sandbox might be
enough to change Eric Raymond's recent pronouncement that Lua is the way forward instead of Python.
Comments (5 posted)
Brief items
Red Hat has sent out a reminder that support for RHEL 2.1 will end on May 31, 2009. "
In accordance with the Red Hat Enterprise Linux Errata Support Policy, the
7 years life-cycle of Red Hat Enterprise Linux 2.1 will end on May 31 2009. [...] After that date, Red Hat will discontinue the technical support services,
bugfix, enhancement and security errata updates." Click below for the full announcement.
Full Story (comments: 9)
New vulnerabilities
audacity: buffer overflow
| Package(s): | audacity |
CVE #(s): | CVE-2009-0490
|
| Created: | February 26, 2009 |
Updated: | March 9, 2009 |
| Description: |
Audacity has a buffer overflow vulnerability.
From the Mandriva alert:
Stack-based buffer overflow in the String_parse::get_nonspace_quoted
function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other
versions before 1.3.6 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a .gro file
containing a long string. |
| Alerts: |
|
Comments (none posted)
curl: information disclosure
| Package(s): | curl |
CVE #(s): | CVE-2009-0037
|
| Created: | March 4, 2009 |
Updated: | March 19, 2009 |
| Description: |
The curl utility does not enforce any restrictions when following HTTP redirects. A malicious server could thus create a redirect which would provide access to arbitrary files on the local system. |
| Alerts: |
|
Comments (none posted)
dkim-milter: denial of service, possible arbitrary code execution
| Package(s): | dkim-milter |
CVE #(s): | |
| Created: | March 2, 2009 |
Updated: | March 5, 2009 |
| Description: |
From the Debian advisory:
It was discovered that dkim-milter, an implementation of the DomainKeys
Identified Mail protocol, may crash during DKIM verification if it
encounters a specially-crafted or revoked public key record in DNS.
|
| Alerts: |
|
Comments (none posted)
eID-belgium: improper certificate check
| Package(s): | dhcp, ntp/xntp, squid, wireshark, libpng, pam_mount, enscript, eID-belgium, gstreamer-0_10-plugins-good |
CVE #(s): | CVE-2009-0049
|
| Created: | March 2, 2009 |
Updated: | December 7, 2009 |
| Description: |
From the SUSE advisory:
eID-belgium didn't properly check the return value of the openssl
function EVP_VerifyFinal (CVE-2009-0049).
|
| Alerts: |
|
Comments (none posted)
eog: arbitrary code execution
| Package(s): | eog |
CVE #(s): | CVE-2008-5987
|
| Created: | March 3, 2009 |
Updated: | April 7, 2009 |
| Description: |
From the Mandriva alert: Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current eog working directory.
|
| Alerts: |
|
Comments (none posted)
flash-plugin: multiple vulnerabilities
| Package(s): | flash-plugin |
CVE #(s): | CVE-2009-0519
CVE-2009-0520
CVE-2009-0521
|
| Created: | February 26, 2009 |
Updated: | March 4, 2009 |
| Description: |
flash-plugin has multiple vulnerabilities. From the Red Hat alert:
Multiple input validation flaws were found in the way Flash Player
displayed certain SWF (Shockwave Flash) content. An attacker could use
these flaws to create a specially-crafted SWF file that could cause
flash-plugin to crash, or, possibly, execute arbitrary code when the victim
loaded a page containing the specially-crafted SWF content. (CVE-2009-0520,
CVE-2009-0519)
It was discovered that Adobe Flash Player had an insecure RPATH (runtime
library search path) set in the ELF (Executable and Linking Format) header.
A local user with write access to the directory pointed to by RPATH could
use this flaw to execute arbitrary code with the privileges of the user
running Adobe Flash Player. (CVE-2009-0521) |
| Alerts: |
|
Comments (none posted)
kdepim: execution of arbitrary code
| Package(s): | kdepim kmail |
CVE #(s): | |
| Created: | February 27, 2009 |
Updated: | March 4, 2009 |
| Description: |
From the Ubuntu advisory: It was discovered that Kmail did not adequately
prevent execution of arbitrary code when a user clicked on a URL to an
executable within an HTML mail. If a user clicked on a malicious URL and
chose to execute the file, a remote attacker could execute arbitrary code
with user privileges. This update changes KMail's behavior to instead
launch a helper program to view the file if the user chooses to execute
such a link. |
| Alerts: |
|
Comments (none posted)
kernel: signal handling vulnerability
| Package(s): | kernel |
CVE #(s): | CVE-2009-0028
|
| Created: | February 26, 2009 |
Updated: | July 2, 2009 |
| Description: |
From the SUSE alert:
A minor signal handling vulnerability was fixed,
where a child could send his parent a arbitrary signal. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2009-0269
|
| Created: | February 26, 2009 |
Updated: | June 9, 2009 |
| Description: |
From the SUSE alert:
fs/ecryptfs/inode.c in the eCryptfs subsystem in the
Linux kernel before allows local users to cause a denial of service
(fault or memory corruption), or possibly have unspecified other
impact, via a readlink call that results in an error, leading to use
of a -1 return value as an array index. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2009-0322
|
| Created: | February 26, 2009 |
Updated: | June 9, 2009 |
| Description: |
From the SUSE alert: drivers/firmware/dell_rbu.c in the Linux kernel allows
local users to cause a denial of service (system crash) via a read
system call that specifies zero bytes from the (1) image_type or (2)
packet_size file in /sys/devices/platform/dell_rbu/. |
| Alerts: |
|
Comments (none posted)
mediawiki: cross-site scripting
| Package(s): | mediawiki |
CVE #(s): | CVE-2009-0737
|
| Created: | March 2, 2009 |
Updated: | October 5, 2009 |
| Description: |
From the Red Hat bugzilla entry:
Multiple cross-site scripting (XSS) vulnerabilities in the web-based
installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12
before 1.12.4, and 1.13 before 1.13.4, when the installer is in active
use, allow remote attackers to inject arbitrary web script or HTML via
unspecified vectors.
|
| Alerts: |
|
Comments (none posted)
mldonkey: information disclosure
| Package(s): | mldonkey |
CVE #(s): | |
| Created: | March 4, 2009 |
Updated: | March 4, 2009 |
| Description: |
MLDonkey up to version 2.9.7 contains a vulnerability which allows a remote attacker to access any file readable by the user. |
| Alerts: |
|
Comments (none posted)
NetworkManager: information disclosure
| Package(s): | network-manager |
CVE #(s): | CVE-2009-0365
|
| Created: | March 4, 2009 |
Updated: | December 16, 2009 |
| Description: |
NetworkManager does not enforce permissions when responding to DBus requests, allowing a local user to view network connection authentication information. |
| Alerts: |
|
Comments (none posted)
network-manager-applet: privilege escalation
| Package(s): | network-manager-applet |
CVE #(s): | CVE-2009-0578
|
| Created: | March 4, 2009 |
Updated: | April 21, 2009 |
| Description: |
Network-manager-applet does not properly check permissions when responding to DBus "modify" and "delete" requests, allowing a local user to modify network connections belonging to other users. |
| Alerts: |
|
Comments (none posted)
optipng: user-after-free
| Package(s): | optipng |
CVE #(s): | CVE-2009-0749
|
| Created: | March 4, 2009 |
Updated: | July 3, 2009 |
| Description: |
OptiPNG 0.6.2 and earlier contains a user-after-free bug in the GIF file reader, allowing "context-dependent attackers" to crash the application. |
| Alerts: |
|
Comments (none posted)
proftpd-dfsg: SQL injection vulnerability
| Package(s): | proftpd-dfsg |
CVE #(s): | CVE-2009-0542
CVE-2009-0543
|
| Created: | February 26, 2009 |
Updated: | September 24, 2009 |
| Description: |
proftpd-dfsg has two SQL injection vulnerabilities.
From the Debian alert:
CVE-2009-0542
Shino discovered that proftpd is prone to an SQL injection
vulnerability via the use of certain characters in the username.
CVE-2009-0543
TJ Saunders discovered that proftpd is prone to an SQL injection
vulnerability due to insufficient escaping mechanisms, when
multybite character encodings are used. |
| Alerts: |
|
Comments (none posted)
psi: denial of service
| Package(s): | psi |
CVE #(s): | CVE-2008-6393
|
| Created: | March 4, 2009 |
Updated: | March 16, 2009 |
| Description: |
The psi instant messaging application suffers from a remotely exploitable integer overflow which can cause a crash, and, possibly, enable remote code execution. More information in this Red Hat bugzilla entry. |
| Alerts: |
|
Comments (none posted)
rubygem-actionpack: HTTP response splitting
| Package(s): | rubygem-actionpack |
CVE #(s): | CVE-2008-5189
|
| Created: | March 2, 2009 |
Updated: | December 10, 2009 |
| Description: |
From the Red Hat bugzilla entry:
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via a crafted URL to the redirect_to
function.
|
| Alerts: |
|
Comments (none posted)
wireshark: multiple vulnerabilities
| Package(s): | wireshark |
CVE #(s): | CVE-2009-0599
CVE-2009-0600
CVE-2009-0601
|
| Created: | February 27, 2009 |
Updated: | June 30, 2009 |
| Description: |
From the Mandriva advisory:
Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through
1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. (CVE-2009-0599)
Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to
cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. (CVE-2009-0600)
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. (CVE-2009-0601)
Wireshark 1.0.6 is not vulnerable to these issues.
|
| Alerts: |
|
Comments (none posted)
xchat: arbitrary code execution
| Package(s): | xchat |
CVE #(s): | CVE-2009-0315
|
| Created: | March 2, 2009 |
Updated: | December 9, 2009 |
| Description: |
From the Mandriva advisory:
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current X-Chat working directory
(CVE-2009-0315).
|
| Alerts: |
|
Comments (none posted)
Page editor: Jake Edge
Next page: Kernel development>>
