added block system auditor
parent
70408b828b
commit
9af3f06b56
|
@ -38,6 +38,8 @@ def sys_hook_entrypoint(event, info):
|
||||||
elif event == 'exec':
|
elif event == 'exec':
|
||||||
# logs and block both exec and eval
|
# logs and block both exec and eval
|
||||||
ministry.ofexec.block_exec(event, info)
|
ministry.ofexec.block_exec(event, info)
|
||||||
|
elif event == 'system':
|
||||||
|
ministry.ofexec.block_system(info)
|
||||||
|
|
||||||
|
|
||||||
def enable_ministries(disable_hooks: Iterable = []):
|
def enable_ministries(disable_hooks: Iterable = []):
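Review bot: The new `elif event == 'system':` branch passes `info` straight to `block_system`, but block_system's body calls `cmd.startswith(...)` and `cmd.split(...)` on its argument, and an audit hook is handed `(event, args)` with `args` a tuple — for `os.system` that is `(command,)` — so the first `os.system` call would fail with AttributeError instead of the intended ArbitraryCodeExec. Pass the command itself, `ministry.ofexec.block_system(info[0])`, or unpack the tuple inside block_system the way block_exec presumably does for exec/eval. It is also worth confirming that `event` really holds `'system'` here: CPython emits the audit event as `os.system`, so unless sys_hook_entrypoint strips the `os.` prefix before this chain, the branch is never taken and os.system stays unaudited. sys_hook_entrypoint's definition begins outside the hunk.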
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
"""
|
"""
|
||||||
Onionr - Private P2P Communication
|
Onionr - Private P2P Communication
|
||||||
|
|
||||||
Prevent eval/exec and log it
|
Prevent eval/exec/os.system and log it
|
||||||
"""
|
"""
|
||||||
import base64
|
import base64
|
||||||
|
import platform
|
||||||
|
|
||||||
import logger
|
import logger
|
||||||
from utils import identifyhome
|
from utils import identifyhome
|
||||||
|
@ -24,12 +25,30 @@ from onionrexceptions import ArbitraryCodeExec
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
def block_system(cmd):
|
||||||
|
allowed = 'taskkill /PID '
|
||||||
|
is_ok = False
|
||||||
|
if platform.platform == 'Windows':
|
||||||
|
if cmd.startswith(allowed):
|
||||||
|
for c in cmd.split(allowed)[1]:
|
||||||
|
if not c.isalnum() or c not in ('/', 'F', ' '):
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
is_ok = True
|
||||||
|
if not is_ok:
|
||||||
|
logger.warn('POSSIBLE EXPLOIT DETECTED, SEE LOGS', terminal=True)
|
||||||
|
logger.warn(f'POSSIBLE EXPLOIT: shell command not in whitelist: {cmd}')
|
||||||
|
raise ArbitraryCodeExec('os.system command not in whitelist')
|
||||||
|
|
||||||
|
|
||||||
def block_exec(event, info):
|
def block_exec(event, info):
|
||||||
"""Prevent arbitrary code execution in eval/exec and log it"""
|
"""Prevent arbitrary code execution in eval/exec and log it
|
||||||
|
"""
|
||||||
# because libraries have stupid amounts of compile/exec/eval,
|
# because libraries have stupid amounts of compile/exec/eval,
|
||||||
# We have to use a whitelist where it can be tolerated
|
# We have to use a whitelist where it can be tolerated
|
||||||
whitelisted_code = [
|
whitelisted_code = [
|
||||||
'netrc.py',
|
'netrc.py',
|
||||||
|
'shlex.py',
|
||||||
'<werkzeug routing>',
|
'<werkzeug routing>',
|
||||||
'werkzeug/test.py',
|
'werkzeug/test.py',
|
||||||
'multiprocessing/popen_fork.py',
|
'multiprocessing/popen_fork.py',
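Review bot: `if platform.platform == 'Windows':` compares the unbound function `platform.platform` to a string and is therefore always False, so `is_ok` can never become True and every os.system call raises ArbitraryCodeExec, including the `taskkill /PID` case this whitelist exists to allow; it should read `if platform.system() == 'Windows':` (`platform.platform()` returns a long 'Windows-10-…' string that would not equal 'Windows' either). The per-character check has the same effect on its own: `if not c.isalnum() or c not in ('/', 'F', ' '):` breaks on any digit of the PID because a digit is alnum but not in the tuple, so only a tail made of 'F' characters survives; the intended test is `if not (c.isdigit() or c in ('/', 'F', ' ')):`, which admits exactly the PID digits, `/F` and spaces. A tighter and easier-to-read form would be a single `re.fullmatch(r'taskkill /PID \d+( /F)?', cmd)`, which would also stop rearranged tails such as `F F /` from passing, but that needs an `import re` the module does not have. Both `logger.warn` calls are otherwise fine; the inner-loop `else` on the `for` is the correct idiom for "no break".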
|
||||||
|
|