简体繁体 English

Symlink在Python中的漏洞利用

[英]Symlink Exploits in Python

原文 2010-12-24 04:57:16 8 3 python/ symlink/ python-2.4

While reading about shell scripts and temporary file handling, I came across Symlink Exploits. 在阅读shell脚本和临时文件处理时，我遇到了Symlink漏洞。 http://www.linuxsecurity.com/content/view/115462/151/ is the basic idea. http://www.linuxsecurity.com/content/view/115462/151/是基本的想法。 I wondered if Python open() checks the file it is about to open to see if it is a symbolic link and tried to open a symbolic link file in 'w' mode. 我想知道Python open（）是否检查它将要打开的文件以查看它是否是符号链接并尝试以'w'模式打开符号链接文件。 To my surprise it opened the link and consequently overwrote the file to which the link was pointing to. 令我惊讶的是，它打开了链接，因此覆盖了链接所指向的文件。 Now if my python program is doing a lot of file handling and that too in a predictable way, is not possible that an attacker creates a link by the name of the file my program is supposed to create and links it to a critical system file. 现在，如果我的python程序正在以可预测的方式执行大量文件处理，则攻击者不可能通过我的程序应该创建的文件的名称创建链接并将其链接到关键系统文件。 This would overwrite the system file and crash the system? 这会覆盖系统文件并导致系统崩溃吗？ I used Python 2.4. 我使用Python 2.4。 Do subsequent python versions address this issue? 后续的python版本是否解决了这个问题？

Or is this an issue at all? 或者这是一个问题吗？

3 个解决方案

If your program is running with elevated privileges (such as root), then you can prevent this type of attack by not writing to files in a directory where lower privilege users have the ability to create symlinks. 如果您的程序使用提升的权限（例如root）运行，则可以通过不写入较低权限用户能够创建符号链接的目录中的文件来防止此类攻击。

This problem cannot be solved by the language or runtime library, but must be addressed in the environment in which the program runs. 语言或运行时库无法解决此问题，但必须在程序运行的环境中解决。

(Note that if your program is not running with elevated privileges, then the user creating a symlink won't let them to anything that they couldn't have just done themselves without your program.) （请注意，如果您的程序没有使用提升的权限运行，那么创建符号链接的用户将不会让他们在没有您的程序的情况下完成他们自己无法完成的任何操作。）

First of all, the user who runs the script should not have the permission to write critical system files. 首先，运行脚本的用户不应具有编写关键系统文件的权限。 Secondly, it is not pythons task to address that issue. 其次，解决这个问题不是蟒蛇的任务。 It is the task of the developer of the script. 这是脚本开发人员的任务。 Python provides tempfile at least since 2.3. Python至少从2.3开始提供tempfile 。

The problem only happens if you create temporary files (well, in general -- write to files) which have predictable names and are located in a directory which other users can write to. 只有在创建具有可预测名称且位于其他用户可以写入的目录中的临时文件（通常是写入文件）时，才会出现此问题。 So if your script only write to your home directory you are fine. 因此，如果您的脚本只写入您的主目录，那么您可以。 If you need to create temporary files in a shared-write directory, eg /tmp, you should use something like http://docs.python.org/library/tempfile.html 如果你需要在共享写目录中创建临时文件，例如/ tmp，你应该使用像http://docs.python.org/library/tempfile.html这样的东西。