| عنوان | zevorn rt-claw unreleased post-v0.2.0 (36d128f) Improper Authorization (CWE-285) |
|---|
| الوصف | # Technical Details
An Improper Authorization vulnerability exists in the swarm RPC receiver at `handle_rpc_request()` in `claw/services/swarm/swarm.c` of rt-claw.
The application implements a `CLAW_TOOL_LOCAL_ONLY` flag to designate tools that must not be invoked remotely, but only enforces this policy on the sender side (`swarm_rpc_call()`). The receiver path `handle_rpc_request()` accepts unauthenticated UDP RPC packets, resolves the attacker-supplied `tool_name`, parses the JSON payload, and calls `claw_tool_invoke()` without any authorization gate. This allows any reachable swarm peer to invoke `save_memory` (registered with `CLAW_TOOL_LOCAL_ONLY`) and persist attacker-controlled long-term memory entries into the disk-backed KV store, influencing future AI context.
# Vulnerable Code
File: claw/services/swarm/swarm.c (lines 315–325)
Method: handle_rpc_request()
Why: The function resolves `claw_tool_core_find(req->tool_name)` and directly invokes `claw_tool_invoke(tool, invoke_params, result)` without checking `tool->flags & CLAW_TOOL_LOCAL_ONLY`. The sender-side check exists at lines 477–480 but is client-side only. `save_memory` is registered at `claw/services/tools/system.c` lines 452–465.
# Reproduction
1. Build rt-claw for Linux with `-Dosal=linux -Dswarm=true -Dtool_system=true`
2. Start the rtclaw binary binding UDP port 5300
3. Send a forged swarm RPC packet: `{"tool_name":"save_memory","payload":{"key":"swarm_canary","value":"GHSA-canary"}}`
4. Observe RPC response with `status=0` and confirmation of saved memory
5. Verify persistence by reading KV file at `$HOME/.config/rt-claw/kv/claw_ltm/data`
6. Run control with a nonexistent tool — response returns `status=1` with no side effects
# Impact
- Unauthenticated remote attacker can bypass local-only tool restrictions on the swarm RPC interface
- Attacker can persist arbitrary long-term memory entries that survive process restarts
- Injected memories influence future AI model context, enabling persistent behavior manipulation
- May impact any tool registered with CLAW_TOOL_LOCAL_ONLY in the build configuration |
|---|
| المصدر | ⚠️ https://github.com/zevorn/rt-claw/issues/137 |
|---|
| المستخدم | Eric-y (UID 95889) |
|---|
| ارسال | 12/06/2026 11:38 AM (1 شهر منذ) |
|---|
| الاعتدال | 17/07/2026 06:08 PM (1 month later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 379838 [zevorn rt-claw حتى 0.2.0 Swarm RPC Receiver swarm.c handle_rpc_request تجاوز الصلاحيات] |
|---|
| النقاط | 0 |
|---|