Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
1.7.2
Description
I have noticed that there is a possibility to exploit fetcher and overwrite any file on the agent host.
scenario to reproduce:
1) prepare a file with any content and name a file like "../../../etc/test" and archive it. We can use python and zipfile module to achieve that:
>>> import zipfile >>> zip = zipfile.ZipFile("exploit.zip", "w") >>> zip.writestr("../../../../../../../../../../../../etc/mariusz_was_here.txt", "some content") >>> zip.close()
2) prepare a service that will use our artifact (exploit.zip)
3) run service
at the end in /etc we will get our file. As you can imagine there is a lot possibility how we can use it.
Attachments
Issue Links
- relates to
-
MESOS-9646 Look into enabling the libarchive extraction flag ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS by default
-
- In Progress
-