Skip to content
This repository has been archived by the owner on Jan 10, 2023. It is now read-only.

Code injection #38

Open
QiAnXinCodeSafe opened this issue Jul 28, 2020 · 1 comment
Open

Code injection #38

QiAnXinCodeSafe opened this issue Jul 28, 2020 · 1 comment

Comments

@QiAnXinCodeSafe
Copy link

IntelSEAPI/runtool/sea_runtool.py

Line 580 in 88a56e0

tree["process"] = eval(file.read())

Python allows users to execute instructions dynamically. When this function is exploited by malicious users, a dynamic code parsing attack will occur
@araud
Copy link
Contributor

araud commented Jul 28, 2020

Please describe the situation when and how this is going to happen? What will be the use case for malicious users?
Suppose I am running the tool on my machine and you are the malicious user on yours. Please start from this point?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@araud @QiAnXinCodeSafe