Disable require("process","os","fs") for security


Introduction

The principle of least privilege says that a program must be able to access only the information and resources that are necessary for its legitimate purpose. require("fs") allows filesystem usage, which isn't a legitimate purpose for task solving.

A quick non-destructive pentest showed that the system can't be attacked simply. It uses Docker, some sort of app containerization like SELinux/AppArmor, the "nobody" user, and correct permissions on critical files, and it does not contain a runnable sshd daemon.

Low priority warning: /tmp and /dev/shm (shared memory) are writable.

Solution (fix)

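The solution is a require wrapper; run it before user code (code-golfed :)
//blacklist-like: blocked names return true instead of the module;
//the original require is held in a closure parameter, not in a global r that user code could call
require=(r=>m=>["process","os","fs"].includes(m)||r(m))(require);

//whitelist-like: names outside the list return false
require=(r=>m=>["lodash","jquery"].includes(m)&&r(m))(require);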
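The two wrappers above differ in how they fail: the blacklist matches three exact strings, while a whitelist refuses everything it does not name. The following is an added example, not code from the original post, that puts the blacklist check next to a whitelist wrapper that throws instead of returning false. The names makeGuardedRequire, compare, stubLoader and the error code are hypothetical, and stubLoader is a constructed stand-in for the real require so the block runs without loading anything.

```javascript
// The post's blacklist test, as a pure predicate (exact string match only).
function pageBlacklistBlocks(spec) {
  return ["process", "os", "fs"].includes(spec);
}

// Whitelist wrapper that fails closed: anything not exactly on the list,
// including non-string arguments, is refused with an exception.
function makeGuardedRequire(loader, allowed) {
  const allow = new Set(allowed);
  return function guardedRequire(spec) {
    if (typeof spec !== "string" || !allow.has(spec)) {
      const err = new Error("module not permitted: " + String(spec));
      err.code = "ERR_MODULE_NOT_PERMITTED"; // hypothetical code for callers to test
      throw err;
    }
    return loader(spec);
  };
}

// For each specifier, record what the blacklist and the whitelist decide.
function compare(specs, guarded) {
  return specs.map((spec) => {
    let whitelistPermits = true;
    try {
      guarded(spec);
    } catch (e) {
      whitelistPermits = false;
    }
    return { spec, blacklistBlocks: pageBlacklistBlocks(spec), whitelistPermits };
  });
}

// Constructed stand-in for the real require; in the sandbox, pass require itself.
const stubLoader = (name) => ({ loaded: name });
const guarded = makeGuardedRequire(stubLoader, ["lodash", "jquery"]);

// Constructed sample: other spellings of fs and a built-in outside the three names.
const report = compare(
  ["fs", "node:fs", "fs/promises", "child_process", "lodash"],
  guarded
);
console.table(report);
```

In the printed table only "fs" is blocked by the blacklist, while the whitelist permits only "lodash".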

Pentest log

//PENTEST LOG START
let proc = require("process"), os = require("os"), fs = require("fs");

fs.readdirSync("/") //contains ".dockerenv" looks like docker, good

os.userInfo() // nobody, good
fs.readFileSync("/etc/passwd", "utf-8") //good: nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

fs.readdirSync("/proc") //looks like SELinux or AppArmor(68 pid) "1","4183","5","5752","5777","68"
fs.readdirSync("/proc/68/cwd") //EACCES, good
fs.readFileSync("/home/site/.ssh/id_rsa", "utf-8") //EACCES, good
fs.readdirSync("/usr/sbin") // sshd not found, good

function findWritable(base){//puzzled :)
let ls = fs.readdirSync(base);
return ls.map((e,i)=>[fs.statSync(base+e).mode.toString(8)%10,i])
.filter(e=>e[0]==2||e[0]==3||e[0]==6||e[0]==7).map(e=>ls[e[1]])
}

findWritable("/") // "tmp" warning: may be a part of security hole, but empty, seems ok
findWritable("/home/") // [] , good
findWritable("/home/site/") // [] , good
findWritable("/root/") // EACCES , good
findWritable("/dev/") // "shm" , warning: shared memory, but empty, seems ok
findWritable("/dev/shm") // [] , good
findWritable("/mnt/") // [] , good
findWritable("/lib/") // [] , good
findWritable("/lib64/") // [] , good
//PENTEST LOG END

Useful links

https://en.wikipedia.org/wiki/Principle_of_least_privilege