Using predictable tmp directory #20

Open
stahnma opened this issue Aug 25, 2017 · 4 comments

stahnma commented Aug 25, 2017

When building projects with rubyc/ruby-packer, it uses a predictable name in /tmp. If this is happening, an attacker could put their own payloads and instructions in that location. Additionally, it prevents multiple builds using ruby-packer from happening at the same time on the same system.

@SwagDevOps
Contributor

You could use your own location for temp directory, sample of use: tasks/gem/compile#L64.


0x1eef commented Aug 25, 2017

This should be fixed in ruby-packer.
It's a legitimate security issue.


0x1eef commented Aug 25, 2017

I've seen similar in the past with tools like this:

```ruby
loop do
  # File.binwrite takes the path first, then the data
  File.binwrite File.join("tmp", "ruby"), "evilpayload"
end
```

If this is running all the time, then it's possible, due to a race condition, that ruby-packer launches "evilpayload" instead of ruby.


0x1eef commented Aug 25, 2017

Also, more sophisticated solutions are at hand using FS events, which is why I think ruby-packer needs a robust solution to this problem.

drbrain added the bug label May 9, 2018
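
The mitigation this thread asks for, as an added example (not ruby-packer's code, and not from any participant): give every build its own unpredictable, owner-only directory, and vet any caller-supplied location before trusting it. The helper names `with_private_build_dir`, `trusted_dir?` and `concurrent_build_dirs`, and the `packer-build-` prefix, are assumptions made for illustration.

```ruby
require "tmpdir"

# Hypothetical helper: each build gets its own unpredictable, owner-only
# directory instead of a fixed name under /tmp.
def with_private_build_dir(prefix = "packer-build-")
  # Dir.mktmpdir appends a random suffix, creates the directory with mode
  # 0700, and removes it (with its contents) when the block returns.
  Dir.mktmpdir(prefix) { |dir| yield dir }
end

# Hypothetical check for a caller-supplied location: accept only a real
# directory that we own and that no other user can write into.
def trusted_dir?(path)
  st = File.lstat(path) # lstat, so a planted symlink is not followed
  st.directory? && st.uid == Process.euid && (st.mode & 0o022).zero?
rescue Errno::ENOENT
  false
end

# Several builds at once: every thread gets a distinct directory, so builds
# neither collide with each other nor reuse a name someone could pre-create.
def concurrent_build_dirs(n = 2)
  threads = Array.new(n) do
    Thread.new { with_private_build_dir { |dir| [dir, trusted_dir?(dir)] } }
  end
  threads.map(&:value)
end

if __FILE__ == $PROGRAM_NAME
  concurrent_build_dirs.each { |dir, ok| puts "#{dir} trusted=#{ok}" }
end
```

`trusted_dir?` only vets the directory itself; files already inside a reused directory still need their own ownership and permission checks, which is why a fresh directory per build is the simpler fix.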