[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Iman Sharafodin added the comment: Thank you for the response. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Ned Deily added the comment: > my only goal was to help Python community (which I love it) to improve the > code quality Thanks for trying to improve things, we do appreciate it! The idea here is that to be able to exploit the crashing pyc file, you need to be able to run an arbitrary pyc

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Iman Sharafodin added the comment: You're right. But if someone uses the exact same code to decompile a pyc to a Python code, attacker doesn't have access to the interpreter and cannot even run the pyc file on the server, but the attacker can cause a crash and run the malicious exploit

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Ned Deily added the comment: If users have unrestricted access to the interpreter, there are easier ways to crash Python than with modified byte code, for example, as is documented with ctypes. As noted on the Python Security Team web page (https://www.python.org/dev/security/): "If you can

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Iman Sharafodin added the comment: It could be potential dangerous, for example some services might use Python Core to decompile pyc files and they could be hacked or some other services could run restricted pyc files for users but using this bug they can escape the sandbox and run the

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Ned Deily added the comment: Sorry, if you modified the pyc file, that is undefined behavior. We make no guarantees that you can't crash the interpreter with arbitrary byte code. -- resolution: -> not a bug stage: -> resolved status: open -> closed

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Iman Sharafodin added the comment: I created a Python file with 12 lines of code and then changed the bytecode to make Python crash (I was testing Python to find security related bugs). I can send the original file, do you need that? -- ___

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Ned Deily added the comment: Thank you for the report. Can you please supply the Python code that was translated into the .pyc file you supplied? If there is some reason that you don't want to post it to this issue, you can email it to secur...@python.org. --

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

Change by SilentGhost : -- nosy: +ned.deily type: -> security ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue41189] An exploitable segmentation fault in _PyEval_EvalFrameDefault

New submission from Iman Sharafodin : Python 3.6 (June 27, 2020) (https://www.python.org/ftp/python/3.6.11/Python-3.6.11.tgz). I found an exploitable segmentation fault in Python 3.6.11 (I validated that by using GDB's Exploitable plugin). Please find the attachment. #0 0x00b63bf4