New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
numpy load function with evil data will cause command execution #12759
Comments
the version <=1.16.0 , worked |
Yes, which is why I agree that this would be the better default, so I am open to pushing that deprecation, even if it is unfortunately a bit noisy e.g. for all those scientists just sharing some data in the lab (or just saving/reloading themselves). |
So |
it seems it will be last for a long time |
I would suggest logging a deprecation warning and giving a date if you want a smooth transition. |
@Plazmaz of course, I would go with a VisibleDeprecationWarning, if we want casual users to stop doing it. Then deprecate after one or two releases. The thing is that it is annoying to work around if you have to and the kwarg does not exist in some older versions. Because then you have to do Anyway, I think there is a good chance you can get it into 1.17. So if you feel open a PR, but we may want to ping the mailing list to see if someone complains. |
Hi, Fedora numpy RPM maintainer. What's a good way to mitigate this in distro packaging? |
I do not know of a nice way. Depending on the concern level, I would be up to adding a warning very soon, so that it is definitely there in 1.17. If someone is extremely concerned, we could discuss backporting it or moving quicker, but that would depend a lot on whether or not downstream depends on it. |
I am working on this. |
cc @jeanqasaur re: security / vulnerability expertise |
@limburgher: what does fedora do about the exact same functionality built into Python? It's not clear that this is something that needs mitigating. While I'm not opposed to changing the default, it seems wrong to declare this a vulnerability. It's working as documented and designed. |
Unfortunately the rule is that once a CVE number is assigned, it no longer matters whether there is any bug or not, the distros have to try to do something to prove to their customers that they are Providing Value. Not sure what that would be here, but companies and ops people are always struggling to manage the ongoing flood of vulnerabilities, and the tools they use to do this don't have a lot of room for communicating nuance, so that's the way the pressure goes. We don't have customers though, so we shouldn't necessarily take that into account outselves. We can tell during @eric-wieser The difference from the stdlib pickle is that |
Honestly, if it's documented, intentional functionality, I can close the BZ in good conscience, especially if safe is the default. I don't know how we handle Python's functionality. I'll look. |
From my examination of the spec, I don't think we alter anything from upstream in that regard. |
Has the CVE been disputed? That might make the scenario clearer to maintainers. |
The CVE appears largely bogus. That It would have been better if the default had been to load object arrays only when explicitly asked, but it is as it is for historical reasons. The transition has been suggested also before, and the discussion above is about how to make it in a way that does not uncontrollably break backward compatibility. Careless use of |
I would rather only say that it is documented. I've been using numpy for a few years, and while I'm not a frequent user of The fact that
In comparison, the docs of
I wouldn't hate it if we could put a Big Red Warning into the documentation of |
Documentation PR welcome for |
Load uses pickle under the hood for object arrays, this is made more visible in the documentation using a warning. See also numpygh-12759
Documentation now has a warning about pickle |
@njsmith it is not so bad: we will make |
a partial mitigation of numpy#12759. see also https://nvd.nist.gov/vuln/detail/CVE-2019-6446
a partial mitigation of #12759. see also https://nvd.nist.gov/vuln/detail/CVE-2019-6446
a partial mitigation of numpy#12759. see also https://nvd.nist.gov/vuln/detail/CVE-2019-6446
a partial mitigation of numpy#12759. see also https://nvd.nist.gov/vuln/detail/CVE-2019-6446
Could you please close this issue as it is referenced in https://nvd.nist.gov/vuln/detail/CVE-2019-6446 because of which nexus iq still consider it has Vulnerable |
thanks @Manjunath07 |
…at to numpy Base_wendelinTextToNumpy just takes a string and pass it to numpy.load, but numpy.load will load pickles (problem from numpy/numpy#12759 ). Therefore we disallow loading pickles here until this becomes the default in newer numpy versions. Co-authored-by: Jérome Perrin <jerome@nexedi.com>
…at to numpy Base_wendelinTextToNumpy just takes a string and pass it to numpy.load, but numpy.load will load pickles (problem from numpy/numpy#12759 ). Therefore we disallow loading pickles here until this becomes the default in newer numpy versions. Co-authored-by: Jérome Perrin <jerome@nexedi.com>
numpy load function with evil data will cause command execution,if attack share evil data on internet,
when user load it , it will cause command execution.
Reproducing code example:
Numpy/Python version information:
1.14.6
The text was updated successfully, but these errors were encountered: