Khrys1d ago

A popular Python library just became a backdoor to your entire machine

https://www.xda-developers.com/popular-python-library-backdoor-machine/

It's one of the most popular Python libraries for interacting with large language models [...] It has over 40,000 stars on GitHub, and it's an important dependency in a lot of AI tooling. It's also been compromised on PyPI, and the malicious versions are stealing everything they can find on your machine.

Sorry but... 🍿

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.

XDA
Show threadCassandrich20h ago
@Khrys Wait, what? Python has a place you can install the Python equivalent of LD_PRELOAD code that gets injected into every program, and packages from their package manager can just drop stuff in there? Who came up with that shit and why isn't it fixed??
Show threadDavid Fetter20h ago

@dalias There's a fun story about embedding Python https://www.postgresql.org/docs/current/plpython.html . "meaning it does not offer any way of restricting what users can do in it" is load-bearing.

That it's categorically impossible to prevent Python from doing fopen(), or any other thing, is just wild, and was understood decades back. It's a design feature.

Chapter 44. PL/Python — Python Procedural Language

Chapter 44. PL/Python — Python Procedural Language Table of Contents 44.1. PL/Python Functions 44.2. Data Values 44.2.1. Data Type Mapping 44.2.2. Null, …

PostgreSQL Documentation
Show threadCassandrich20h ago
@davidfetter That's different and expected. It's not an embedded language. But the package manager should not allow a package installed with the intent just to use it in certain programs (which might all run in an isolated privilege domain) to install backdoor code that runs in all Python programs in any privilege domain.
Show threadJoshix18h ago
@dalias @davidfetter a python package, can run arbitrary code on installation. So it's already too late then
Show threadDavid Fetter

@joshix @dalias yep. Also, there's no way to prevent it from loading packages, or from doing anything else the shell that spawned it could do.

Python's popularity stems from...well, it's complicated, but there's a gigantic ecosystem now, and that's important when schedules set by people who have no part in writing, testing, or supporting code force people doing those things to cut corners. That usually works even after the first bug causes out-of-SLA downtime, irretrievable data loss, etc. It fails catastrophically when there are attackers.

3:59pmWeb