Skip to content

Unflattening auxiliary variables for secagg does not check instantiated class type #1252

New issue
New issue
Open
Open
Unflattening auxiliary variables for secagg does not check instantiated class type#1252
Labels
bugthis issue is about reporting and resolving a suspected bugcandidatean individual developer submits a work request to the team (extension proposal, bug, other request)
@mvesin

Description

@mvesin
mvesin
opened on Nov 26, 2024

When using auxiliary variables with secagg, the researcher needs to unflatten module-wise cleartext values.
For that purpose it instantiates an object from an AuxVar subtype, the class of the subtype being sent by the nodes

fedbiomed/fedbiomed/common/optimizers/_secagg.py

Line 185 in 56b1419

return aux_cls.from_dict(fields) 

        return aux_cls.from_dict(fields)

Problem: researcher does not check the received class received through the network is a valid and existing class (a subclass of AuxVar that really exists on the researcher.

This may give way to a malicious attacker to execute arbitrary code by sending another class name.
If confirmed, we may need to add check for class names in clear_cls

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    bugthis issue is about reporting and resolving a suspected bugcandidatean individual developer submits a work request to the team (extension proposal, bug, other request)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions