diff --git a/.jules/sentinel.md b/.jules/sentinel.md index 0dca922..9bd1f25 100644 --- a/.jules/sentinel.md +++ b/.jules/sentinel.md @@ -48,6 +48,10 @@ **Learning:** Variables that determine file paths or download URLs, even when fetched from typically trusted external sources (like a GitHub API), must be treated as untrusted input. If an API response is manipulated or unexpected (e.g., changing a version string to `../../../etc/passwd` or embedding shell commands), it can lead to path traversal, arbitrary file writes, or URL redirection vulnerabilities. **Prevention:** Always validate dynamically fetched data (like tags or version strings) against strict allow-lists (using POSIX-compliant regex like `^[0-9]+\.[0-9]+\.[0-9]+$`) before interpolating them into paths, URLs, or executing them. +## 2024-05-15 - Sudo Option Injection Prevention +**Vulnerability:** Option injection during privilege escalation. +**Learning:** When invoking `sudo` with user-controlled or variable arguments, specifically when forwarding positional parameters (`$@`), it's possible for those arguments to be interpreted as options to `sudo` itself (e.g. `-i`, `-s`, etc.) if not explicitly delimited. +**Prevention:** Always use the end-of-options delimiter (`--`) immediately preceding the command to execute when calling `sudo` (e.g. `sudo -u "$USERNAME" -- cmd "$@"`). ## 2024-05-15 - Unsafe Direct Execution of Remote Script **Vulnerability:** The devcontainer feature `src/mermaid/install.sh` was directly executing remote bash scripts downloaded via `curl | bash` for NodeSource installation. This exposes the installation process to remote code execution risks if the source is compromised or a Man-in-the-Middle (MitM) attack occurs. diff --git a/src/mermaid/cmd/mmdc b/src/mermaid/cmd/mmdc index eedfa0d..c3d2b39 100644 --- a/src/mermaid/cmd/mmdc +++ b/src/mermaid/cmd/mmdc @@ -75,7 +75,7 @@ if [ "$EUID" -eq 0 ]; then else # Not running as root, check for sudo if command -v sudo &>/dev/null; then - sudo -u "$USERNAME" mmdc -p "$CONFIG_FILE" "$@" + sudo -u "$USERNAME" -- mmdc -p "$CONFIG_FILE" "$@" else echo "Error: Not root and no 'sudo' available to switch user." exit 1