attic serve implementation is not secure enough #316

@trou

Hello,
the way attic serve currently works is a bit insecure, particularly if #277 is taken into account. In particular, --restrict-to-path can be easily bypassed.

The problem lies in remote.py:

        unpacker = msgpack.Unpacker(use_list=False)
        while True:
            r, w, es = select.select([stdin_fd], [], [], 10)
            if r:
                data = os.read(stdin_fd, BUFSIZE)
                if not data:
                    return
                unpacker.feed(data)
                for type, msgid, method, args in unpacker:
                    method = method.decode('ascii')
                    try:
                        try:
                            f = getattr(self, method)
                        except AttributeError:
                            f = getattr(self.repository, method)
                        res = f(*args)
                    except Exception as e:
                        os.write(stdout_fd, msgpack.packb((1, msgid, e.__class__.__name__, e.args)))
                    else:
                        os.write(stdout_fd, msgpack.packb((1, msgid, None, res)))
            if es:
                return

If we consider an attacker who can access a remote SSH account with attic serve --restrict-to-path as a forced command, he can send msgpack'd data to call arbitrary methods on both RepositoryServer and Repository objects, including Python's object builtin methods.

While arbitrary Python code execution is not straightforward (because strings are actually unpacked as byte strings), it is way too permissive as one can pass arbitrary arguments to all methods.

A potential fix would be whitelisting the allowed methods and parameters.
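The allowlist approach suggested above, sketched as an added example (this is not attic's code, and the method names open/get/put, the ToyRepository class and the error classes are hypothetical stand-ins). Instead of resolving the method name with getattr() on the server or repository object, the dispatcher looks the name up in an explicit table that also fixes the number and type of arguments, so names such as __class__ or an unexported destroy method are simply unknown, and --restrict-to-path is enforced inside the only operation that can bind a repository path. Messages are handled as the tuples that msgpack's Unpacker(use_list=False) would yield, but the framing itself is left out so the example runs with the standard library alone.

```python
import os
from typing import Any, Callable, Dict, Tuple

Response = Tuple[int, Any, Any, Any]


# Error classes are hypothetical; the reply format (1, msgid, error_name, args)
# mirrors the one used by the dispatcher quoted in the issue.
class RpcError(Exception):
    pass


class UnknownMethod(RpcError):
    pass


class InvalidArguments(RpcError):
    pass


class PathNotAllowed(RpcError):
    pass


class NotOpened(RpcError):
    pass


class ToyRepository:
    """Constructed stand-in for a repository object (not attic's Repository).
    It deliberately keeps a dangerous method, destroy(), that must stay
    unreachable over RPC: only what the allowlist names is callable."""

    def __init__(self, path: str) -> None:
        self.path = path
        self._store: Dict[bytes, bytes] = {}

    def get(self, key: bytes) -> bytes:
        return self._store[key]

    def put(self, key: bytes, data: bytes) -> None:
        self._store[key] = data

    def destroy(self) -> None:
        self._store.clear()


class HardenedServer:
    """Dispatches RPC messages only through an explicit allowlist.
    Each entry binds a method name to a callable plus the exact argument
    types it accepts; getattr() is never consulted."""

    def __init__(self, restrict_to_paths) -> None:
        self.restrict_to_paths = [os.path.realpath(p) for p in restrict_to_paths]
        self.repository = None
        self.commands: Dict[str, Tuple[Callable[..., Any], Tuple[type, ...]]] = {
            'open': (self._open, (bytes,)),
            'get': (self._get, (bytes,)),
            'put': (self._put, (bytes, bytes)),
        }

    # --- exported operations (hypothetical names, not attic's API) ---
    def _open(self, path: bytes) -> bool:
        # Canonicalise before comparing so '..' and symlinks cannot escape the
        # allowed roots; commonpath avoids the '/repos' vs '/reposX' prefix bug.
        real = os.path.realpath(path.decode('utf-8'))
        if not any(os.path.commonpath([root, real]) == root for root in self.restrict_to_paths):
            raise PathNotAllowed(real)
        self.repository = ToyRepository(real)
        return True

    def _get(self, key: bytes) -> bytes:
        if self.repository is None:
            raise NotOpened()
        return self.repository.get(key)

    def _put(self, key: bytes, data: bytes) -> None:
        if self.repository is None:
            raise NotOpened()
        self.repository.put(key, data)

    # --- dispatcher ---
    def dispatch(self, msg: Any) -> Response:
        # Echo msgid only when the envelope is well formed and the id is an int.
        msgid = msg[1] if isinstance(msg, tuple) and len(msg) == 4 and isinstance(msg[1], int) else None
        try:
            if not isinstance(msg, tuple) or len(msg) != 4:
                raise InvalidArguments('malformed message')
            _msgtype, _, method, args = msg
            if isinstance(method, bytes):
                method = method.decode('ascii')
            if not isinstance(method, str):
                raise InvalidArguments('method name must be a string')
            entry = self.commands.get(method)       # allowlist lookup, no getattr
            if entry is None:
                raise UnknownMethod(method)
            func, arg_types = entry
            if not isinstance(args, tuple) or len(args) != len(arg_types):
                raise InvalidArguments('wrong number of arguments', method)
            for arg, expected in zip(args, arg_types):
                if not isinstance(arg, expected):
                    raise InvalidArguments('wrong argument type', method)
            res = func(*args)
        except Exception as e:
            return (1, msgid, e.__class__.__name__, e.args)
        return (1, msgid, None, res)


if __name__ == '__main__':
    # Constructed sample traffic: one legitimate session, then rejected requests.
    server = HardenedServer(['/tmp/attic-repos'])
    for message in [(0, 1, b'open', (b'/tmp/attic-repos/backup',)),
                    (0, 2, b'put', (b'k', b'v')),
                    (0, 3, b'get', (b'k',)),
                    (0, 4, b'destroy', ()),
                    (0, 5, b'open', (b'/tmp/attic-repos/../etc',))]:
        print(message, '->', server.dispatch(message))
```

The table is the whole security boundary: anything not listed in commands does not exist as far as the client is concerned, and the per-argument type tuple stops a caller from smuggling unexpected objects into a legitimate method.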
