*Summary:*
The PyTorch distribution package (python3-torch) installs several compiled
C++ binaries under:
/usr/lib/python3/dist-packages/torch/bin/
Multiple binaries are built with an empty entry in their RUNPATH header,
which appears as a leading colon:
:$ORIGIN/../lib
An empty RUNPATH element causes the current working directory (CWD) to be
included in the dynamic loader's library search path. As a result, an
attacker may be able to achieve arbitrary code execution by placing a
malicious shared library in a directory and inducing a victim to execute
one of the affected binaries from that location.
This issue is an instance of CWE-426 (Untrusted Search Path).
*Impact:*
If a developer, researcher, or automated process executes one of the
affected binaries while its current working directory is
attacker-controlled (for example, a cloned repository, downloaded dataset,
extracted archive, shared workspace, or /tmp directory), the dynamic loader
may load attacker-controlled shared libraries from that directory.
Code execution occurs during dynamic library loading, prior to execution of
the program's main() function.
*Affected Binaries:*
I tested 14 binaries shipped in torch/bin and successfully exploited the
following 9 binaries:
- test_api
- FileStoreTest
- HashStoreTest
- TCPStoreTest
- test_cpp_rpc
- test_dist_autograd
- test_edge_op_registration
- test_lazy
- test_tensorexpr
*Verification:*
$ readelf -d /usr/lib/python3/dist-packages/torch/bin/test_api | grep RUNPATH
0x000000000000001d (RUNPATH) Library runpath: [:$ORIGIN/../lib]
The leading colon represents an empty RUNPATH element.
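The same check can be automated across a whole directory of binaries. The following is an added example, not part of the original report or of PyTorch; the function names are hypothetical, and it assumes binutils `readelf` is installed. Beyond the leading-colon case above, it also flags trailing or doubled colons and relative elements, which are likewise resolved against the CWD.

```python
import re
import subprocess
import sys
from pathlib import Path

# Matches the RPATH/RUNPATH lines printed by `readelf -d`.
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

def risky_elements(search_path):
    """Return (index, reason) for each element resolved against the CWD."""
    if search_path == "":
        return []  # a wholly empty string has no elements to resolve
    findings = []
    for i, elem in enumerate(search_path.split(":")):
        if elem == "":
            findings.append((i, "empty"))      # leading, trailing or doubled colon
        elif not elem.startswith(("/", "$ORIGIN", "${ORIGIN}")):
            findings.append((i, "relative"))   # e.g. "lib" or "./lib"
    return findings

def audit_readelf_output(text):
    """Parse `readelf -d` output; return [(tag, value, findings)] for risky entries."""
    results = []
    for tag, value in _DYN_RE.findall(text):
        findings = risky_elements(value)
        if findings:
            results.append((tag, value, findings))
    return results

def audit_directory(directory):
    """Run readelf on every regular file in a directory; non-ELF files are skipped."""
    report = {}
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        proc = subprocess.run(["readelf", "-d", str(path)],
                              capture_output=True, text=True)
        if proc.returncode == 0:
            hits = audit_readelf_output(proc.stdout)
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    # Usage: python3 audit_runpath.py /usr/lib/python3/dist-packages/torch/bin
    for binary, hits in audit_directory(sys.argv[1]).items():
        for tag, value, findings in hits:
            print(f"{binary}: {tag} [{value}] -> {findings}")
```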
*Example:*
$ mkdir -p /tmp/malicious_workspace
$ cd /tmp/malicious_workspace
$ cat << 'EOF' > poc_libm.c
#include <stdio.h>
#include <stdlib.h>