Node.js sandbox is broken
Ginden opened this issue · comments
start.js file:
var jailed = require('../../../lib/jailed.js');
var api = {};
var plugin = new jailed.Plugin(__dirname + '/plugin.js', api);
plugin.js file:
var require = application.whenConnected.constructor('return process.mainModule.require')();
// do anything with true "require" here
wow, thanks. will investigate
What can one do here with the require() by the way? The point of the sandbox is to protect the main application.
You can require('fs')
or require('child_process')
and do anything with full user permission (including dumping memory of application).
You can require('http')
and overwrite prototypes to track requests.
Or anything else.
Actually I was thinking about running a subprocess in a chrooted environment, and use an OS-level communication channel to avoid shared objects between parent and child processes :-)
If that subprocess was NodeJS, you would still have access to require
, and that basically means to the complete system. The application itself would be safe, of couse, but it would still leave the system open I believe.
Btw, the proposed solution might have some perfomance impact, as it is creating Proxies at each call, Maybe keeping them in a dictionary or something alike would be best (I don't have the time now to do it, maybe in a few days).
On my opinion the performance impact is secondary as long as the sandbox is protected.
On security, I am only in doubt about getPrototypeOf()
method which returns the prototype of an original object. Will need to check this.
Yes, I indeed haven't had time to test it. I barely tested the constructor based exploit. Some more extensive tests should be done. I might be able to do them in 1-2 weeks.
Maybe you should reuse/fork Google Caja for this?
Caja is a separate project which works very differently (parses and evaluates code by itself). Users may choose it instead of Jailed of course.
Any potential solution to this issue been discovered?
There's this library:
https://www.npmjs.com/package/vm2
They seem to resolve this issue through usage of proxies
is there any update on this issue?