added big brother security auditing to prevent some RCE and leaks
parent
47e69bab99
commit
ae416bc650
|
@ -35,6 +35,9 @@ def _auditing_supported():
|
||||||
def sys_hook_entrypoint(event, info):
|
def sys_hook_entrypoint(event, info):
|
||||||
if event == 'socket.connect':
|
if event == 'socket.connect':
|
||||||
ministry.ofcommunication.detect_socket_leaks(info)
|
ministry.ofcommunication.detect_socket_leaks(info)
|
||||||
|
elif event == 'exec':
|
||||||
|
# logs and block both exec and eval
|
||||||
|
ministry.ofexec.block_exec(event, info)
|
||||||
|
|
||||||
|
|
||||||
def enable_ministries(disable_hooks: Iterable = []):
|
def enable_ministries(disable_hooks: Iterable = []):
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
from . import ofcommunication
|
from . import ofcommunication # noqa
|
||||||
|
from . import ofexec # noqa
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
import ipaddress
|
import ipaddress
|
||||||
|
|
||||||
import logger
|
import logger
|
||||||
|
from onionrexceptions import NetworkLeak
|
||||||
"""
|
"""
|
||||||
This program is free software: you can redistribute it and/or modify
|
This program is free software: you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -30,9 +31,15 @@ def detect_socket_leaks(socket_event):
|
||||||
ip_address = socket_event[1][0]
|
ip_address = socket_event[1][0]
|
||||||
|
|
||||||
# validate is valid ip address (no hostname, etc)
|
# validate is valid ip address (no hostname, etc)
|
||||||
# raises valueerror if not
|
# raises NetworkLeak if not
|
||||||
ipaddress.ip_address(ip_address)
|
try:
|
||||||
|
ipaddress.ip_address(ip_address)
|
||||||
|
except ValueError:
|
||||||
|
logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
|
||||||
|
raise NetworkLeak('Conn to non local IP, this is a privacy concern!')
|
||||||
|
|
||||||
|
# Validate that the IP is localhost ipv4
|
||||||
|
|
||||||
if not ip_address.startswith('127'):
|
if not ip_address.startswith('127'):
|
||||||
logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
|
logger.warn(f'Conn made to {ip_address} outside of Tor/similar')
|
||||||
raise ValueError('Conn to non loopback IP, this is a privacy concern!')
|
raise NetworkLeak('Conn to non local IP, this is a privacy concern!')
|
||||||
|
|
|
@ -0,0 +1,54 @@
|
||||||
|
"""
|
||||||
|
Onionr - Private P2P Communication
|
||||||
|
|
||||||
|
Prevent eval/exec and log it
|
||||||
|
"""
|
||||||
|
import base64
|
||||||
|
|
||||||
|
import logger
|
||||||
|
from utils import identifyhome
|
||||||
|
from onionrexceptions import ArbitraryCodeExec
|
||||||
|
"""
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
def block_exec(event, info):
|
||||||
|
"""Prevent arbitrary code execution in eval/exec and log it"""
|
||||||
|
# because libraries have stupid amounts of compile/exec/eval,
|
||||||
|
# We have to use a whitelist where it can be tolerated
|
||||||
|
whitelisted_code = [
|
||||||
|
'netrc.py',
|
||||||
|
'<werkzeug routing>',
|
||||||
|
'werkzeug/test.py',
|
||||||
|
'multiprocessing/popen_fork.py',
|
||||||
|
'multiprocessing/util.py',
|
||||||
|
'multiprocessing/connection.py',
|
||||||
|
'onionrutils/escapeansi.py'
|
||||||
|
]
|
||||||
|
home = identifyhome.identify_home()
|
||||||
|
|
||||||
|
for source in whitelisted_code:
|
||||||
|
if info[0].co_filename.endswith(source):
|
||||||
|
return
|
||||||
|
|
||||||
|
if info[0].co_filename.startswith(home + 'plugins/'):
|
||||||
|
return
|
||||||
|
|
||||||
|
code_b64 = base64.b64encode(info[0].co_code).decode()
|
||||||
|
logger.warn('POSSIBLE EXPLOIT DETECTED, SEE LOGS', terminal=True)
|
||||||
|
logger.warn('POSSIBLE EXPLOIT DETECTED: ' + info[0].co_filename)
|
||||||
|
logger.warn('Prevented exec/eval. Report this with the sample below')
|
||||||
|
logger.warn(f'{event} code in base64 format: {code_b64}')
|
||||||
|
raise ArbitraryCodeExec("Arbitrary code (eval/exec) detected.")
|
|
@ -105,5 +105,15 @@ class MissingAddress(Exception):
|
||||||
class ContactDeleted(Exception):
|
class ContactDeleted(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
# Version Errors
|
||||||
|
|
||||||
class PythonVersion(Exception):
|
class PythonVersion(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
# Auditing exceptions
|
||||||
|
|
||||||
|
class NetworkLeak(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
class ArbitraryCodeExec(Exception):
|
||||||
|
pass
|
||||||
|
|
Loading…
Reference in New Issue