| Titel | louisho5 picobot 0.2.0 Improper Link Resolution Before File Access (CWE-59) |
|---|
| Beschreibung | # Technical Details
An out-of-workspace file read and overwrite vulnerability exists in the `[FilesystemTool.Execute]` and `[SkillManager.CreateSkill/GetSkill]` methods in `internal/agent/tools/filesystem.go` and `internal/agent/tools/skill.go` of picobot.
The application fails to reject final-path hardlink aliases inside the workspace. An admitted user can first use the default-registered `exec` tool to create a hardlink inside the workspace pointing to an external file, then use the rooted `filesystem`, `read_skill`, or `create_skill` tools to read or overwrite that external inode through the in-workspace alias.
# Vulnerable Code
File: `internal/agent/tools/filesystem.go`, `internal/agent/tools/skill.go`, `internal/agent/loop.go`
Method: `FilesystemTool.Execute`, `SkillManager.GetSkill`, `SkillManager.CreateSkill`
Why: The code relies on workspace-rooted file APIs but does not enforce the business rule that the final file object must belong to the workspace rather than being a hardlink alias to an out-of-workspace file.
# Reproduction
1. Create `outside/secret.txt` and a `workspace/` directory in the same parent path.
2. Use the real agent/tool path to execute `ln outside/secret.txt workspace/link.txt` and `ln outside/secret.txt workspace/skills/alias/SKILL.md`.
3. Read the file through `filesystem` or `read_skill`, then overwrite it through `create_skill`, and confirm the external file changes.
# Impact
- Breaks Picobot’s intended workspace boundary for rooted file tools.
- Allows disclosure and modification of files outside the workspace that are accessible to the Picobot process account. |
|---|
| Quelle | ⚠️ https://github.com/louisho5/picobot/issues/40 |
|---|
| Benutzer | Eric-e (UID 97581) |
|---|
| Einreichung | 11.06.2026 10:43 (vor 1 Monat) |
|---|
| Moderieren | 13.07.2026 19:30 (1 month later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 378131 [louisho5 picobot bis 0.2.0 Workspace filesystem.go CreateSkill/GetSkill erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|