| عنوان | louisho5 picobot 0.2.0 Improper Link Resolution Before File Access (CWE-59) |
|---|
| الوصف | # Technical Details
An out-of-workspace file read and overwrite vulnerability exists in the `[FilesystemTool.Execute]` and `[SkillManager.CreateSkill/GetSkill]` methods in `internal/agent/tools/filesystem.go` and `internal/agent/tools/skill.go` of picobot.
The application fails to reject final-path hardlink aliases inside the workspace. An admitted user can first use the default-registered `exec` tool to create a hardlink inside the workspace pointing to an external file, then use the rooted `filesystem`, `read_skill`, or `create_skill` tools to read or overwrite that external inode through the in-workspace alias.
# Vulnerable Code
File: `internal/agent/tools/filesystem.go`, `internal/agent/tools/skill.go`, `internal/agent/loop.go`
Method: `FilesystemTool.Execute`, `SkillManager.GetSkill`, `SkillManager.CreateSkill`
Why: The code relies on workspace-rooted file APIs but does not enforce the business rule that the final file object must belong to the workspace rather than being a hardlink alias to an out-of-workspace file.
# Reproduction
1. Create `outside/secret.txt` and a `workspace/` directory in the same parent path.
2. Use the real agent/tool path to execute `ln outside/secret.txt workspace/link.txt` and `ln outside/secret.txt workspace/skills/alias/SKILL.md`.
3. Read the file through `filesystem` or `read_skill`, then overwrite it through `create_skill`, and confirm the external file changes.
# Impact
- Breaks Picobot’s intended workspace boundary for rooted file tools.
- Allows disclosure and modification of files outside the workspace that are accessible to the Picobot process account. |
|---|
| المصدر | ⚠️ https://github.com/louisho5/picobot/issues/40 |
|---|
| المستخدم | Eric-e (UID 97581) |
|---|
| ارسال | 11/06/2026 10:43 AM (1 شهر منذ) |
|---|
| الاعتدال | 13/07/2026 07:30 PM (1 month later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 378131 [louisho5 picobot حتى 0.2.0 Workspace filesystem.go CreateSkill/GetSkill تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|