Backend Development
Python Tutorial
Be Careful When Using YAML in Python! There May Be Security Vulnerabilities
Be Careful When Using YAML in Python! There May Be Security Vulnerabilities
The YAML (YAML Ain't Markup Language) library in Python has been identified as having vulnerabilities that allow the execution of arbitrary commands under certain conditions. The vulnerability arises from the use of the yaml.load function without specifying a safe loader. By default, yaml.load can execute arbitrary Python objects, which creates an attack surface for malicious payloads.
Exploitation via Arbitrary Command Execution
The fundamental risk lies in the deserialization process. When a YAML document contains a malicious payload, yaml.load processes the embedded directives, potentially leading to code execution. For example, consider the following snippet:
1 2 3 4 5 |
|
Here, the yaml.load function parses example.yml without restrictions, making it vulnerable if the YAML content includes unsafe directives. A typical exploit payload can be crafted to execute arbitrary system commands.
Example Payload
1 2 3 4 5 6 7 8 9 10 |
|
Each of these invocations processes the payload, resulting in the creation of a privileged executable in /tmp/bash. This binary can then be executed with elevated privileges:
1 |
|
This demonstrates the potential for privilege escalation if the vulnerability is exploited on a system with misconfigured permissions or other weaknesses.
Reverse Shell Exploitation
A particularly insidious use case is leveraging the vulnerability for a reverse shell. This allows attackers to gain remote access to the target machine. The process involves starting a listener on the attacker's machine and crafting a YAML document designed to establish the reverse connection.
On the attacker's machine, initiate a Netcat listener:
1 |
|
On the target system, execute the following Python script as root:
1 2 3 4 5 |
|
This payload instructs the target machine to connect back to the attacker's listener, providing a fully interactive shell with the privileges of the executing process.
Base64 Encoding for Obfuscation
To bypass basic security controls or filters, the payload can be Base64-encoded. This method adds a layer of obfuscation, potentially evading detection by static analysis tools.
Example
1 2 3 4 5 6 7 8 9 |
|
Mitigation Techniques
Professionals must adopt strict coding practices to eliminate such vulnerabilities. Recommended mitigations include:
-
Using Safe Loaders: Replace yaml.load with yaml.safe_load, which prevents the execution of arbitrary objects.
1
2
3
4
5
import yamlfilename ="example.yml"data = open(filename,'r').read()yaml.load(data) # Unsafe usageCopy after loginCopy after login Restricting Input Sources: Ensure YAML inputs are sanitized and originate only from trusted sources.
Applying Static Analysis: Use tools to scan codebases for unsafe yaml.load invocations.
Environment Hardening: Restrict system permissions to minimize the impact of exploitation. For example, using containerized environments limits an attacker's ability to escalate privileges.
The YAML library’s default behavior exemplifies the risks associated with deserialization in dynamically typed languages like Python. Exploiting this vulnerability requires minimal sophistication, making it a high-priority issue for secure application development. Adopting safe coding practices, along with robust input validation and runtime safeguards, is imperative to mitigate these risks effectively.
The above is the detailed content of Be Careful When Using YAML in Python! There May Be Security Vulnerabilities. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1655
14
1414
52
1307
25
1253
29
1227
24
Python vs. C : Applications and Use Cases Compared
Apr 12, 2025 am 12:01 AM
Python is suitable for data science, web development and automation tasks, while C is suitable for system programming, game development and embedded systems. Python is known for its simplicity and powerful ecosystem, while C is known for its high performance and underlying control capabilities.
How Much Python Can You Learn in 2 Hours?
Apr 09, 2025 pm 04:33 PM
You can learn the basics of Python within two hours. 1. Learn variables and data types, 2. Master control structures such as if statements and loops, 3. Understand the definition and use of functions. These will help you start writing simple Python programs.
Python: Games, GUIs, and More
Apr 13, 2025 am 12:14 AM
Python excels in gaming and GUI development. 1) Game development uses Pygame, providing drawing, audio and other functions, which are suitable for creating 2D games. 2) GUI development can choose Tkinter or PyQt. Tkinter is simple and easy to use, PyQt has rich functions and is suitable for professional development.
The 2-Hour Python Plan: A Realistic Approach
Apr 11, 2025 am 12:04 AM
You can learn basic programming concepts and skills of Python within 2 hours. 1. Learn variables and data types, 2. Master control flow (conditional statements and loops), 3. Understand the definition and use of functions, 4. Quickly get started with Python programming through simple examples and code snippets.
Python vs. C : Learning Curves and Ease of Use
Apr 19, 2025 am 12:20 AM
Python is easier to learn and use, while C is more powerful but complex. 1. Python syntax is concise and suitable for beginners. Dynamic typing and automatic memory management make it easy to use, but may cause runtime errors. 2.C provides low-level control and advanced features, suitable for high-performance applications, but has a high learning threshold and requires manual memory and type safety management.
Python and Time: Making the Most of Your Study Time
Apr 14, 2025 am 12:02 AM
To maximize the efficiency of learning Python in a limited time, you can use Python's datetime, time, and schedule modules. 1. The datetime module is used to record and plan learning time. 2. The time module helps to set study and rest time. 3. The schedule module automatically arranges weekly learning tasks.
Python: Exploring Its Primary Applications
Apr 10, 2025 am 09:41 AM
Python is widely used in the fields of web development, data science, machine learning, automation and scripting. 1) In web development, Django and Flask frameworks simplify the development process. 2) In the fields of data science and machine learning, NumPy, Pandas, Scikit-learn and TensorFlow libraries provide strong support. 3) In terms of automation and scripting, Python is suitable for tasks such as automated testing and system management.
Python: Automation, Scripting, and Task Management
Apr 16, 2025 am 12:14 AM
Python excels in automation, scripting, and task management. 1) Automation: File backup is realized through standard libraries such as os and shutil. 2) Script writing: Use the psutil library to monitor system resources. 3) Task management: Use the schedule library to schedule tasks. Python's ease of use and rich library support makes it the preferred tool in these areas.
