The pickle receiver is vulnerable to injection of arbitrarily pickled objects

Bug #817247 reported by Dave Rawks
This bug affects 1 person
Affects: Graphite
Status: Fix Committed
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

The picklereceiver should require some sort of authentication to ensure that only trusted receivers can send pickle objects AND/OR the deserialization of pickle objects should be somehow sanitized to prevent arbitrary class objects from being called.

example:
http://penturalabs.wordpress.com/2011/03/17/python-cpickle-allows-for-arbitrary-code-execution/

chrismd (chrismd) wrote:

I've added a new USE_INSECURE_UNPICKLER option to carbon.conf. It defaults to False, so the default implementation now is basically the implementation from http://nadiana.com/python-pickle-insecure

I left the insecure version as an option because it is faster. Also note that not using the insecure unpickler does not imply that the unpickler you get is secure! There are various vulnerabilities in the pickle protocol beyond just calling os.system.

If you install 0.9.9 and see a performance regression you might consider explicitly setting USE_INSECURE_UNPICKLER = True.

Changed in graphite:
status: New → Fix Committed
information type: Private Security → Public Security
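
An allowlisting unpickler of the kind the comment above describes, followed by the shape check a receiver can apply to what comes out. It is written for Python 3 as an added example and is not carbon's own code or the code from the linked posts. The batch shape (a list of (path, (timestamp, value)) tuples), `ALLOWED_GLOBALS`, `MAX_PAYLOAD`, `load_batch`, `accepts`, `Probe` and the sample metric name are assumptions.

```python
import io
import pickle
import time

# Assumption: a batch is a list of (path, (timestamp, value)) tuples made of
# str/int/float only, so no global lookup is needed and the allowlist is empty.
ALLOWED_GLOBALS = {}   # module name -> set of permitted attribute names
MAX_PAYLOAD = 1 << 20  # constructed limit on bytes accepted per message

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Reached for every global the stream names; refusing here leaves a
        # later REDUCE opcode with nothing callable to invoke.
        if name in ALLOWED_GLOBALS.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def load_batch(payload):
    """Unpickle under the allowlist, then check every datapoint's shape."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    batch = RestrictedUnpickler(io.BytesIO(payload)).load()
    if not isinstance(batch, list):
        raise ValueError("batch must be a list")
    for item in batch:
        ok = (isinstance(item, tuple) and len(item) == 2
              and isinstance(item[0], str)
              and isinstance(item[1], tuple) and len(item[1]) == 2
              and all(type(n) in (int, float) for n in item[1]))
        if not ok:
            raise ValueError(f"malformed datapoint: {item!r}")
    return batch

class Probe:
    # Constructed stand-in for a hostile object: on load it asks for a call to
    # time.time(), which plain pickle.loads() would perform.
    def __reduce__(self):
        return (time.time, ())

GOOD = pickle.dumps([("servers.web01.load", (1311800000, 0.42))])  # constructed
BAD = pickle.dumps([("servers.web01.load", Probe())])              # constructed
WRONG_SHAPE = pickle.dumps([("servers.web01.load", "oops")])       # constructed

def accepts(payload):
    try:
        load_batch(payload)
        return True
    except (pickle.UnpicklingError, ValueError):
        return False
```

The allowlist only controls which globals a stream may resolve. The size limit and shape check are separate controls, in line with the comment's point that a restricted unpickler is not thereby a secure one.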