Pain Pickle: Bypassing Python Restricted Unpickler for Automatic Exploit Generation

Nan Jung Huang*, Chih Jen Huang, Shih Kun Huang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Pickle is a built-in library in Python that can serialize and deserialize Python objects and data structures. However, the process of pickle deserialization has been confirmed as a hazardous operation. Marco Slaviero uncovered its dangerous vulnerability and proposed exploitation methods in BlackHat 2011. As a result, corresponding defense methods have also been generated. Restricting Globals was proposed in the official Python documentation as a defensive approach.We find that defense implementations are incorrect in some cases. Therefore, we conducted a large-scale analysis of 7543 open-source Python projects with more than 100 stars to find that 36 projects have implemented defense strategies. Among them, nine projects were not correctly implemented. Furthermore, we investigated the root causes of their failures for automatic exploit generation from these projects.

Original languageEnglish
Title of host publicationProceedings - 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security, QRS 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1079-1090
Number of pages12
ISBN (Electronic)9781665477048
DOIs
StatePublished - 2022
Event22nd IEEE International Conference on Software Quality, Reliability and Security, QRS 2022 - Virtual, Online, China
Duration: 5 Dec 20229 Dec 2022

Publication series

NameIEEE International Conference on Software Quality, Reliability and Security, QRS
Volume2022-December
ISSN (Print)2693-9177

Conference

Conference22nd IEEE International Conference on Software Quality, Reliability and Security, QRS 2022
Country/TerritoryChina
CityVirtual, Online
Period5/12/229/12/22

Keywords

  • Application Security
  • Deserialization
  • Pickle
  • Python
  • Restricted Unpickler
  • Restricting Globals

Fingerprint

Dive into the research topics of 'Pain Pickle: Bypassing Python Restricted Unpickler for Automatic Exploit Generation'. Together they form a unique fingerprint.

Cite this