Patch Arbitrary Code Execution #563
Comments
|
It looks like this method is the culprit: I wonder if making it an instance method with mangling would solve the problem. A better solution would be to find another way to do this without pickling. |
|
As far as I can tell, this pickingling is for multiprocessing that makes this so much more complex. It was introduce with the 0.3.0 release in response to this issue: #102 |
|
Hi @aaronclong, thanks for reporting this issue. The Huntr team contacted me some time ago about the vulnerability you're mentioning: 418sec#1 I'm copy-pasting the comment I had left:
I am still quite confused by this report and I do not understand why Loguru is to blame. The user receiving untrusted data should be responsible for sanitizing it before processing it. We can't expect this job to be done by the third-library, otherwise there might be infinite way to execute arbitrary code as demonstrated by the above example. This has little to do with the It is of course a pity that Loguru is reported as a dangerous library, and I wish it could be avoided. Perhaps you disagree with my analysis and can explain to me how my reasoning is wrong? Of course, I'm in favor of improving Loguru safety and thanks for offering your help. However I want to understand the problem first and foremost to justify changes that may have multiple impacts (on features, performances and code complexity). |
|
I wonder if dill would be viable to work around this, since this library controls its own serialization. |
|
@Delgan Since you are using this for exception handeling, it is possible that an exception could trigger by a third-party library or whatever that would trigger it. Loguru would be just a catalyst in that workflow. Likewise, because it is in exceptions, it is extremely hard to sanitize that input. My personal opinion that it is a logging library's responsibility to cover rogue execution. Using pickling is in general kind of dangerous. |
|
@Delgan if you don't have any plans on fixing this or remedying it, I understand. I would like to know though because I will need to remove it from my applications unfortunately. |
Shouldn't the third-library with malicious
How is it different from a third-library with malicious |
|
@Delgan I agree with you that the third party should be flagged as well, but I don't agree that absolves your library in this case. It is on all sides, especially as zero trust principles are concerned. |
|
@Delgan likewise this code could in theory cause the same issue as the log4j exploit that happened this last month. It is quite similar to their arbitrary execution exploit. Again, it's your library. No stress if this isn't the the path you want to go, I just need to know to make the appropriate changes on my end. |
1 similar comment
|
@Delgan likewise this code could in theory cause the same issue as the log4j exploit that happened this last month. It is quite similar to their arbitrary execution exploit. Again, it's your library. No stress if this isn't the the path you want to go, I just need to know to make the appropriate changes on my end. |
|
As I said, I'm all in favor or improving Loguru's security, but I don't know how to do it in this case without compromising the features. The exception needs to be somehow serialized. The exception comes from user's code. I can't restrain the allowed attributes during serialization because it it would unfairly limit usability for users with custom and trusted exceptions. I'm genuinely trying to understand. Do you think Loguru should be responsible for analyzing Here is another example: import os
from multiprocessing import Pool
class Malicious:
def __reduce__(self):
os.system("firefox")
return (Malicious, ())
def f(x):
return 0
if __name__ == "__main__":
with Pool(processes=4) as pool:
pool.map(f, [Malicious()])Should |
|
@Delgan I think I don't know necessarily how to solve this problem, maybe dill or another format would make this less problematic. It could also be a custom internal format that is simple and easy to serialize/deserialize. We could even look into how the built in logger handles this scenario. I am certain we can find other resources for recommendation. As for multiprocessing, it is a library with some flaws in it's design. However, I understand the need to support it. In general, there are people that choose to use alternatives to the built in multiprocessor like pathos. I am neither for nor against multiprocessing, but just want to acknowledge those issues. |
|
Sorry for maybe sounding too defensing , by the way. It's just that I truly don't understand how For example, import os
class Malicious:
def __str__(self):
os.system("firefox")
return "M()"
m = Malicious()
string = f"M: {m}"Anyway, initially you were only trying to solve a problem reported by a third party, so I don't want to bother you further. Thanks for answering my questions. :) I had already looked for safe alternatives to I'll try to get in touch with Huntr team for discussing this issue further. |
|
Also I don't think it's fair to compare this issue with the Log4Shell exploit. To clarify, there is no way for Loguru to execute arbitrary code from user string input alone. |
|
@Delgan it is being flagged for pickle and how it exposes pickle. To be clear, pickle isn't a safe method of serialization. It is a problematic legacy format. Unfortunately, you can convert a pickle response to string and back again. Not saying it is the most likely scenario, but it is possible. Yes, it is quite similar to the log4j issue because it allowed for Java Objects to be loaded dynamically by the logger from another source. The string expansion was only one half of the equation. For more context, read here. |
I agree. However, the
I still fail to see how it relates to Log4Shell exploit. The exploit relies on JNDI to retrieve data from external source which is then possibly run locally, leading to arbitrary code execution vulnerability. Nothing like that is possible in Python formatting and Loguru does not permit it neither. The
Sure, I would love to hear other opinions and possible clarifications. |
|
@Delgan pickle serialization isn't safe, controlling what and who is passed to it s the only way to prevent issues. Currently, Loguru makes no attempt at controlling its inputs to pickel. The patch from 418 sec basically solves this problem. It chokes this off at the source and prevents rogue modules and types form being serialized. You keep emphasizing this false dilemma that user is the fault and sole responsibility. They must sanitize everything before sending it to Loguru. While yes, the user has some job to bear here. They will not know all the things done with their logs and what to watch out for. You and other contributors will know what to look out for. Again, the same issue with Log4j can affect Loguru if the right circumstances arise. The underlying technology is different but the same general exploit would be possible. Instead of JNDI, it would be some rogue input with pickel. While you keep saying *"Nothing like that is possible in Python formatting and Loguru does not permit it neither", there is evidence from 418 sec. Personally, I can think of scenarios where this could accidentally happen as well. You can choose to ignore that fact, but the issue will still persist in this code base. While you keep saying you are open to discussion and ideas, I have yet to find that in any part of this conversation. I know you are well intentioned, but there seems no leeway in the approach you are choosing to take. I generally appreciate this library and think it is great. I thank you for putting it together. However, since this issue will not be resolved, I think I will just have to start the process to remove it from my apps. |
May I ask you to please elaborate your concerns with some concrete example you have in mind? Are you able to share some kind of "minimum reproducible example" demonstrating how Loguru could cause both introduction and execution of malicious code? That would help me a lot. All I want is to understand precisely the problem raised so that I can eventually solve it while minimizing its negative impact on Loguru functionalities and performances. I'm very open to discussion but none of the arguments I mentioned have been fully addressed, which leads me to feel that the campaign against
I know I already asked you about this, but it still puzzles me. Can you please highlight how |
|
@Delgan please reread all the above. I have already explained all of this prior. We are just going in circles at this point. For my sanity and time, I am stopping. I may not have explained in the most clear and precise way, but I have laid it out the best I can. I wish I was a better communicator, but I am not regurgitating the same information for a third or fourth time. Please reread the above, review the PR, and read up on the pickle module. |
|
Sorry for bringing it up again, I was just trying to summarize my concerns. I understand that you may not have the capacity to answer me precisely. For this reason, I asked the reporter directly: 418sec/huntr#1592 (comment) The problem being you claim this issue is similar to Log4Shell exploit without providing any proof. That's a big claim that sounds quite irresponsible to be honest. I understand that you don't want to waste additional time here, but in the absence of proof, I hope that the discerning reader will realize that this statement is false and that the two issues are not comparable. This is probably the first time since I've been maintaining Loguru that I've noticed tension while discussing with an user, and I'm sorry for that. You came here with a lot of good will. I did indeed stick to my guns and I understand how frustrating that is. My intention was not to waste your time. We have two different views, yours that I hope we can both take a step back. I will continue to investigate this issue, my goal is for users to be able to use Loguru without concern. |
|
@Delgan again the proof is in this 418 pr, which you conveniently ignore. I think the more irresponsible thing is to ignore the pitfalls here and not learn from others. Avoiding problems doesn't make them go away. For the record, things can be insecure and have legitimate use cases. The internet is insecure but guard rails are put in to protect servers from exploits because it has legitimate use cases. My frustration resolves from you making no effort to understand the issue, ignoring comments even though I answer your questions in them. You decided on your approach from the get-go with no intention to address the problem, and I am fine with that. However, I wish you had just told me that some 19 comments prior to avoiding this one-sided conversation. Stick to your guns as much as you need to, but you're deciding to ignore that this library is an attack vector. More and more security scans will mark this as such, effectively limiting its use. |
|
Hi @aaronclong. A few weeks have passed, I hope it gave time for minds to cool down. I would like to conclude this ticket. It seems I gave you the impression that my choice regarding this issue was settled from the very beginning, but I can assure you that this is not true. My goal was to understand and prove the absence or presence of a security threat. Again, my intention wasn't to waste your time: I thanked you for your answers and invited you to pause the discussion earlier in this comment, but then it escalated in an unpleasant way. I do care about security. I was just trying to expose my point of view according to which the reported vulnerability was questionable. The Huntr website provide a way to mark a report as "valid" or "invalid", I thought that was the right approach. Please, understand that addressing such concerns isn't without consequences. There are multiple implications that I need to take into account (performances, complexity, functionalities). I can't just blindly apply a patch without careful consideration. For example, one of the suggested solution (establishing a "white list" of allowed modules) is very restrictive for custom user classes, and that's what I was worried about. It would have resulted in new bug reports about deserialization issues. I didn't "conveniently ignore" the 418's PR, I even reached the author for clarifications. From my understanding, it only demonstrates that it's possible to indirectly call Your point about responsibility and importance of mitigating risks is very valid. However, removing To illustrate why this looks a bit silly to me: the Anyway, you are right when you mention that other security tools might automatically flag Loguru by detecting a use of There is no "easy fix" otherwise I would have applied with without much debate. There are two downsides with this removal:
I am not very satisfied, and I will try to find an alternative solution later, but I wanted to be able to close this ticket due to how it turned out. Thanks anyway for opening a ticket about security concerns, in the end it leads to a positive outcome as developers should be able to use Loguru with confidence from now on. |
|
@Delgan when you called me irresponsible that greatly escalated the matter. It took a technical matter, and made it personal to me. Especially since I was attempting to do the responsible thing to help you fix the issue. I am still offended by the assumption. I do not believe you acted in good faith in any part of this conversation. I do not agree with you technically on any matter on this thread, and especially on how this library uses the pickle module. However, I tried to not attack you at all or even make insinuations about you until that point. While I am glad, you made moves on the patch. I do generally regret even broaching the issue because it wasn't worth it. I wish you the best with this library. You won't have to worry about me bothering you more about this issue or anything else with this library. |
|
Hi @Delgan, appreciate your measured response to the issue at hand and eventual resolution. However, it doesn't look like the patch has made it into a release yet - are you planning on creating a new version soon? As my company is also flagging |
|
Hi @lynshi. There are several breaking-changes I would like to implement before releasing a new minor version. Some of them are already present on the If this is a possibility for you, maybe you can install a specific hash of Loguru containing the patch: pip install git+git://github.com/Delgan/loguru.git@4b0070a4f30cbf6d5e12e6274b242b62ea11c81b |
|
Hi @Delgan, thanks for the information! No problem at all; turns out our exception process is pretty painless, so this is no longer a significant blocker. Appreciate your work on this! |
|
This issue thread is quite bizarre. The maintainer is quite right in asking how something can be exploited and upon reading the discussions here it does seem to boil down to “you use pickle”, which is rather silly. The example exploit code in the linked PR boils down to:
If someone could post a snippet showing how a user-inputted string makes it’s way into @Delgan your replies here are fantastic and I’m sorry this kind of issue has come up. But as it currently stands Dependabot (and other systems that use the same vuln feeds) are reporting to tens of thousands of repositories that there is a “critical remote code vulnerability in loguru”. While it seems to be complete crap, you may want to consider cherry-picking the commit and putting out a patch release without the breaking changes, just so people can update with the minimum amount of effort? |
|
Oh, it seems like there's been a lot of traffic around here lately. @orf I didn't realize the consequences of having this vulnerability officially disclosed. Under these circumstances, it's indeed not reasonable to wait several weeks or months before publishing a new version. Consequently, I just release I hope it will be helpful. 👍 |
|
I'm confused as well. All that CVE is showing is that someone who can run Python code can call a Python method. Where is the actual exploit? |
|
Yea if possible can anyone explain why the CVE is so high ? |
|
FWIW -- It seems the original reporter/source (huntr?) classified this as a 3.8?
No idea why this was classified so high. |
|
I summarized my thoughts on this in a blog post, and I hope some interesting discussions on this might appear on hacker news. It's disconcerting to me that such an issue can make it's way into a CVE, then into a github advisory. |
|
@aaronclong aaronclong |
|
For context, I didn't create the CVE. I merely started the github issue around it. |
|
|
|
Hello, I run the product team for supply chain security at GitHub, including our Advisory Database (where you can see this advisory) and Dependabot alerts (which we sent for this advisory). First up, thank you everyone for the above. Clearly things didn't go to plan here, but having read through every comment I can see that everyone here had good intentions. Having reviewed the above, the GitHub Advisory Database team are going to stop alerting on this advisory. We don't currently have a way to retract the Dependabot alerts we've already sent, but I've asked the team to look into functionality to do that in future. I've also asked them to look into adding a clear way to display CVEs in the GitHub Advisory Database that we have chosen not to alert on (even if they have not been withdrawn from the National Vulnerability Database). I'd like us (GitHub) to learn from ☝🏻 and improve our security-related features and processes to help more when a maintainer receives a security report. We have a team of security researchers on staff dedicated to open source security (the GitHub Security Lab) who can be part of the solution. @Delgan would you be up for chatting with two of my colleagues, @KateCatlin and @xcorail? |
|
Hey @jhutchings1, thanks for this update from the Github team! Sure, I'm open to discussion if it can help. How should we proceed? |
Thanks! You can email me at my github handle @github.com and I'll connect you with folks directly. |
There is a method to 'dispute' a CVE, please let me know if you want this followed up as I am very familiar with this process. |
- CVE-2022-0329, Delgan/loguru#563 - Changed dependency version up to loguru v0.6.0
I think that would be up to @Delgan, no? If not then I’d be interested in knowing more about the process |
|
Mitre has it documented here: https://cve.mitre.org/cve/list_rules_and_guidance/correcting_counting_issues.html#dispute Specifically the part: Not everyone shares the same definition of a vulnerability. One person’s vulnerability is another person’s security hardening opportunity, and another person’s intended functionality. How does CVE deal with these differing opinions? When an authoritative source disputes the validity of the vulnerability, “** DISPUTED **” is added to the beginning of the description, and a short NOTE is added to the end explaining why the vulnerability is disputed. Ideally, the disputing party provides a link that can be added to the CVE as a reference, and a quote that can be used as the explanation in the NOTE. However, neither are required. You can lodge a dispute here: https://cveform.mitre.org/ Choose "Request a update to e CVE Entry" My advice is to make a github issue or wiki page separate to this outlining the specifics of why is not an issue, and lock it. (People will almost definitely have 'input' on this, and you want the message to be your definitive voice, nobody else) State that you'd like it to be disputed (you can't reject it, only the original CVE submitter can do that, sadly) and provide a link to your description on why this is not a flaw. Also, you can provide them with a small blurb that explains why it is not a flaw for their page. This 'small blurb' will become visible on the CVE pages and tooling (and of course, vulnerability scanners) showing the correct state of the flaw and the current DISPUTED status. This can take up to two weeks, but Mitre is pretty good at it, they -may- refer you to github as the CNA and put you in contact with the github CNA ( https://www.cve.org/PartnerInformation/ListofPartners/partner/GitHub_M ) I do not know the original reporter of the flaw but contacting github on the top address may be able to put you in contact with the original reporter who -may- request REJECTION of the CVE.. but I've never had a reporter ever reject a CVE in multiple attempts over 10 years of working with flaws. If you have any more questions wmealing @ < #ff0000 > hat.com . Thanks. |
|
The CVE was rejected apparently now. |
|
Posted to wrong github issue. Removing.
|
My company's internal deps auditing system is beginning to flag loguru because of this potential exploit. I don't know if it has come to your attention.
I don't know exactly how to prevent it, but am willing to help out if you need support. I will study the issue more.
418sec/huntr#1592
The text was updated successfully, but these errors were encountered: