-
Notifications
You must be signed in to change notification settings - Fork 28.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trivial pollution of workbench.action.terminal.runRecentCommand list #158120
Comments
Thanks for the report! We had a chat about this and feel solving the second problem mostly solves the first problem, while at the same time not restricting or making the protocol we use overly complex. Current proposal:
For the password/nonce approach we could go this route, but given the actions above I'm more concerned about programs misusing the protocol to fill the commands list with unwanted commands than I am about malicious commands. We can look into this at a later time if we find it's needed. We could also just add a dialog for the user to confirm a long command but I'd really like to not take away from the usability of the feature. It's possible future iterations will use something closer to the auto-complete UI in the editor as well at which point we could put the full command in the detail. |
@Tyriar that avoids the super-trivial attack, but it's pretty easy to work around that protection: echo "Hello here is some legitimate content" > info.txt
PAD=" \342\201\257"
MPAD="$PAD$PAD$PAD$PAD$PAD$PAD$PAD$PAD$PAD$PAD"
printf "\033]633;E;npm install$MPAD$MPAD$MPAD$MPAD$MPAD$MPAD$MPAD$MPAD$MPAD$MPAD & badcommand\007" >> info.txt Definitely much more noticeable when it executes, but by then it's too late (and I'm sure more subtle ways can be found given some effort; this was just the first thing that came to mind) |
@davidje13 thanks again 🙂. That's where the details to call out long commands and let you preview them comes in. We're also thinking about supporting multiple lines in the details part which could let us preview the entire command #153095 |
Clarifying status: this is a feature request that's blocked on #153095 landing |
Does this issue occur when all extensions are disabled?: Yes
This does not appear to meet the definition of a security vulnerability as defined in your security policy, but is concerning so I am raising it as a standard bug report instead.
Steps to Reproduce:
Run this innocent-looking curl request in the vscode terminal:
(you can see the file being downloaded and the plain-text script used to generate it here: https://github.com/davidje13/vscode-command-test)
It will output: "Hello here is some legitimate content"
Run the command
workbench.action.terminal.runRecentCommand
(e.g. by using Cmd+R / Ctrl+R if the suggestion in the documentation has been followed)Notice that
make
(and possiblynpm install
, but adding multiple commands at once seems unreliable) have appeared in the list. Notice that running one of these will execute the expected command, followed by the (nonexistent)badcommand
executable (which in practice could obviously be anything)This example uses
curl
ing a URL, but it applies to any situation where a malicious actor can manipulate output displayed in the terminal as the result of any command (e.g. npm package installation info even if scripts are disabled, or server log output when running a local server via this terminal).Fortunately this list appears to only be used (so far) for the command history feature, which is not enabled by default.
There are 2 issues here:
\033]633;E;%s\007
(the example above adds some other sequences around it to improve the reliability when registering multiple commands at once)For the first issue, adding a per-session or per-installation random "password" to the escape sequence may be enough to prevent most attacks (as accessing this "password" would likely require script level access anyway)
For the second issue, collapsing multiple spaces in the display might help, but there are likely other ways to obfuscate this sort of thing.
The text was updated successfully, but these errors were encountered: