manja316: Upload README.md with huggingface_hub (commit 62a7505, verified)

---
license: mit
---

# ModelScan Bypass PoC — ctypes.CDLL + operator.methodcaller

Demonstrates that ctypes.CDLL combined with operator.methodcaller bypasses modelscan v0.7.6 for native code execution.

## Vulnerability

- `ctypes.CDLL(None)` loads the default C library (libc)
- `operator.methodcaller("system", b"cmd")` calls `.system(cmd)` on whatever object it is applied to
- Combined: executes arbitrary shell commands via libc's `system()` function
- Neither `ctypes` nor `operator.methodcaller` is in modelscan's blocklist

## Impact

Native RCE that bypasses Python `exec` entirely: the payload calls libc's `system()` directly through the ctypes FFI. This is the most dangerous variant, since a call that never passes through Python-level execution cannot be mitigated by Python-level sandboxing.

## Reproduction

```shell
pip install modelscan==0.7.6
modelscan scan -p pytorch_model.bin
# Output: No issues found

python3 -c "import pickle; pickle.load(open('pytorch_model.bin','rb'))"
# Executes arbitrary shell commands via libc
```
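Added example, not part of this model card and not modelscan's own code: a defender-side check covering both the Vulnerability list above and the reproduction steps. It walks the pickle opcode stream with `pickletools` (no unpickling happens) to flag the globals this bypass relies on, and pairs that with an `Unpickler` whose `find_class` refuses the same globals at load time. The `DENIED` table and the `SAMPLE_*` names are this example's own assumptions.

```python
import io
import operator
import pickle
import pickletools
import ctypes

# Denylist keyed by module: "*" blocks every name, a set blocks only those names.
DENIED = {"ctypes": "*", "operator": {"methodcaller"}}
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}

def _denied(module: str, name: str) -> bool:
    rule = DENIED.get(module)
    return rule == "*" or (isinstance(rule, set) and name in rule)

def find_denied_globals(data: bytes) -> list:
    """Walk the opcode stream without unpickling; return 'module.name' hits.
    Heuristic: STACK_GLOBAL is resolved from the two most recently pushed
    strings, so a hand-built stream that fetches them via GET/BINGET is missed
    here; DenylistUnpickler below still refuses it at load time."""
    hits, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":          # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            if _denied(module, name):
                hits.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            module, name = strings[-2], strings[-1]
            if _denied(module, name):
                hits.append(f"{module}.{name}")
    return hits

class DenylistUnpickler(pickle.Unpickler):
    """Load-time check: every GLOBAL/STACK_GLOBAL is resolved via find_class."""
    def find_class(self, module, name):
        if _denied(module, name):
            raise pickle.UnpicklingError(f"refused global {module}.{name}")
        return super().find_class(module, name)

def safe_load(data: bytes):
    return DenylistUnpickler(io.BytesIO(data)).load()

# Constructed samples: bare class references, nothing is called on unpickling.
SAMPLE_CTYPES_REF = pickle.dumps(ctypes.CDLL)                             # STACK_GLOBAL
SAMPLE_METHODCALLER_REF = pickle.dumps(operator.methodcaller, protocol=2) # GLOBAL
SAMPLE_BENIGN = pickle.dumps({"weights": [1.0, 2.0, 3.0]})
```

Using `safe_load` in place of the bare `pickle.load` from the reproduction step turns the silent load into a refused one, independent of whether the scanner's opcode heuristic matched.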