• Disable require("process","os","fs") for security



The principle of least privilege says a program must be able to access only the information and resources that are necessary for its legitimate purpose. require("fs") allows filesystem usage, which isn't a legitimate purpose for task solving.

A quick non-destructive pentest showed that the system can't be attacked simply. It uses Docker, some sort of app containerization like SELinux/AppArmor, the "nobody" user, and correct permissions on critical files, and it does not contain a runnable sshd daemon.

Low priority warning: /tmp and /dev/shm (shared memory) are writable.

Solution (fix)

The solution is a require wrapper; run it before user code (code-golfed :)
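A readable sketch of such a wrapper, as an added example that is not the author's code-golfed version or the platform's own code. The blocked list comes from the title; `guardRequire`, `runUserCode`, `baseModule` and the `E_MODULE_BLOCKED` code are hypothetical names, and CommonJS is assumed.

```javascript
// Added example: a deny-list wrapper around require(), installed before user code.
// BLOCKED comes from the page title; every other name here is hypothetical.
const BLOCKED = new Set(['process', 'os', 'fs']);

// Reduce "node:fs" and "fs/promises" to the base module name "fs",
// so prefixed and sub-path forms are refused as well.
function baseModule(id) {
  return String(id).replace(/^node:/, '').split('/')[0];
}

// Return a require() replacement that refuses the blocked built-ins
// and passes every other request through unchanged.
function guardRequire(realRequire, blocked = BLOCKED) {
  const guarded = function require(id) {
    if (blocked.has(baseModule(id))) {
      const err = new Error(`require("${id}") is disabled for user code`);
      err.code = 'E_MODULE_BLOCKED'; // constructed error code
      throw err;
    }
    return realRequire(id);
  };
  return Object.freeze(guarded);
}

// Run a user-supplied source string with only the guarded require in scope.
// new Function() evaluates in global scope, so the module-local require
// of this file is not visible to the user code.
function runUserCode(source, realRequire = require) {
  const fn = new Function('require', `"use strict";\n${source}`);
  return fn(guardRequire(realRequire));
}
```

The wrapper only covers the require path: `process` is also a Node.js global, so it needs separate handling, and the container controls listed above remain the actual isolation boundary.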


Pentest log

let proc = require("process"), os = require("os"), fs = require("fs");

fs.readdirSync("/") //contains ".dockerenv" looks like docker, good

os.userInfo() // nobody, good
fs.readFileSync("/etc/passwd", "utf-8") //good: nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

fs.readdirSync("/proc") //looks like SELinux or AppArmor(68 pid) "1","4183","5","5752","5777","68"
fs.readdirSync("/proc/68/cwd") //EACCES, good
fs.readFileSync("/home/site/.ssh/id_rsa", "utf-8") //EACCES, good
fs.readdirSync("/usr/sbin") // sshd not found, good

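function findWritable(base){ // names of entries whose "other" permission digit has the write bit set
  let ls = fs.readdirSync(base);
  // last octal digit of the mode is the "other" permission triplet; 2 is the write bit
  return ls.filter(e => (fs.statSync(base + "/" + e).mode.toString(8) % 10) & 2);
}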

findWritable("/") // "tmp" warning: may be a part of security hole, but empty, seems ok
findWritable("/home/") // [] , good
findWritable("/home/site/") // [] , good
findWritable("/root/") // EACCES , good
findWritable("/dev/") // "shm" , warning: shared memory, but empty, seems ok
findWritable("/dev/shm") // [] , good
findWritable("/mnt/") // [] , good
findWritable("/lib/") // [] , good
findWritable("/lib64/") // [] , good

Useful links