[sf-lug] Malware on PyPI repository

Akkana Peck akkana at shallowsky.com
Sun Dec 5 17:53:13 PST 2021

Sorry to miss today's Jitsi meeting: I had (COVID-)booster-head and
decided to go read a book for a while instead.

Rick Moen writes:
> PyPI Project's self-description:
>   The Python Package Index (PyPI) is a repository of software for the
>   Python programming language.  PyPI helps you find and install software 
>   developed and shared by the Python community.
> Looking at the FAQ, I see that this is a means for people on any OS to
> circumvent their distro protections (if any) to grab and install Python
> interpreted code from a large number of Python coders and add it to a
> real system using Python's "pip" installer tool.  

That's correct. It has about the same security as installing from a
GitHub repo (i.e. basically none), but it's a lot easier for the user.

Packages on PyPI are signed, but that by itself doesn't tell you
anything since anyone can create a GPG key and sign a package.

> Some means are furnished to limit the inherent harm doing this creates
> to the target system, notably the option to install code from PyPI into 
> one of Python3's "venv" lightweight virtual environments, isolating it
> somewhat from the system.  

Unfortunately, a virtualenv doesn't protect your system at all.
It's not a chroot or anything like that, just a set of environment
variables defining things like PYTHONPATH.

> Getting back to my questions:  Who are these guys?  Well, it's an
> offshoot of Python Software Foundation.  It's like what CPAN is for
> Perl, Gems for Ruby, npm for JavaScript, Composer and PEAR for PHP,
> NuGet for .NET.  

Exactly. Or AUR for Arch Linux.

> So, very weak, functionally nil, vetting of new code maintainers and
> also of what they submit.  

I suspect that if someone managed to upload malware to PyPI as part
of a well known project, it would get noticed pretty quickly. So if
you're getting, say, flask or matplotlib from PyPI, you're probably
pretty safe. On the other hand, if you're downloading and running
"10Cent11" or "importantpackage" without doing any research on them
... well, not so safe.

> effectively uncurated (or loosely curated) "bazaar" code hosting sites,
> e.g., the older instantiation of addons.mozilla.org (before Mozilla,
> Inc. cracked down on the dangerous chaos there), Gnome-look.org, and

Did they? I thought only plugins marked "recommended" had been
curated, and that anyone could still submit a plugin.

> So, takeaway lesson:  If you disregard the gatekeeping protection of
> your distro package regime, and go nonchalantly grabbing things
> [ ... ] you are playing with fire and may get burned. 

Right. Sometimes you want/need something that isn't in distro repos,
but when doing so, always be conscious of the risks.
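
Added example, not part of the original message: a check of the point made above that a venv is not a sandbox. It builds a throwaway venv and runs a stand-in script with the venv's interpreter; the script, the marker file name and the `DEMO_TOKEN` variable are constructed for this demo.

```python
import json
import os
import subprocess
import tempfile
import venv
from pathlib import Path

# Constructed stand-in for code that a package installed into the venv would run.
CHILD = r"""
import json, os, sys
with open(sys.argv[1], "w") as fh:      # target path lies outside the venv
    fh.write("written from inside the venv\n")
print(json.dumps({
    "in_venv": sys.prefix != sys.base_prefix,
    "uid": os.getuid() if hasattr(os, "getuid") else None,
    "sees_parent_env": os.environ.get("DEMO_TOKEN") == "constructed-value",
}))
"""

def venv_isolation_report():
    """Create a temporary venv and report what code running in it can reach."""
    with tempfile.TemporaryDirectory() as tmp:
        env_dir = Path(tmp) / "env"
        marker = Path(tmp) / "outside_venv.txt"   # sibling of env/, not inside it
        # with_pip=False keeps this offline; no package is downloaded.
        venv.create(env_dir, with_pip=False, symlinks=(os.name != "nt"))
        bindir, exe = ("Scripts", "python.exe") if os.name == "nt" else ("bin", "python")
        # The child inherits the caller's environment, like any other process.
        env = {**os.environ, "DEMO_TOKEN": "constructed-value"}
        out = subprocess.run(
            [str(env_dir / bindir / exe), "-c", CHILD, str(marker)],
            capture_output=True, text=True, check=True, env=env)
        report = json.loads(out.stdout)
        parent_uid = os.getuid() if hasattr(os, "getuid") else None
        report["same_user_as_parent"] = report.pop("uid") == parent_uid
        report["wrote_outside_venv"] = marker.exists()
        return report

if __name__ == "__main__":
    for key, value in venv_isolation_report().items():
        print(f"{key}: {value}")
```

Every field comes back true: the interpreter is the venv's, yet it runs as the same user, reads the same environment and writes outside the venv directory. Containing untrusted code takes a separate account, a container or a VM.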

