| タイトル | nextlevelbuilder GoClaw 3.13.3-beta.3 Use of Incorrectly-Resolved Name or Reference (CWE-706) |
|---|
| 説明 | # Technical Details
An Exec Approval Allowlist Basename Collision vulnerability exists in the `matchesAllowlist()` and `extractBin()` methods in `internal/tools/exec_approval.go` of GoClaw.
The approval layer resolves the user-supplied command to a basename via `extractBin()` (which returns `filepath.Base(fields[0])`), collapsing relative paths like `./echo` to the basename `echo`. If the allowlist contains `echo`, the check passes. However, execution later runs the original command string (`./echo`) through `/bin/sh -c`, causing a workspace-placed malicious binary to execute with host privileges.
# Vulnerable Code
File: internal/tools/exec_approval.go
Method: matchesAllowlist() and extractBin()
Why: `extractBin()` returns `filepath.Base(fields[0])`, so `./echo` resolves to `echo`. `matchesAllowlist()` matches allowlist patterns against this basename first. The approval decision trusts `echo`, but `ExecTool.Execute()` passes the original `./echo` to `executeOnHost()` which runs `/bin/sh -c ./echo`, executing the attacker-controlled workspace binary.
# Reproduction
1. Configure GoClaw with `tools.execApproval.security=allowlist` and allowlist `["echo"]`.
2. Place a malicious `echo` binary in the workspace that prints a canary string.
3. Send `POST /v1/tools/invoke` with `{"tool":"exec","args":{"command":"./echo","working_dir":"<workspace>"}}`.
4. Observe: HTTP 200 returned, canary output from the workspace binary.
5. Control test: use allowlist `["/bin/echo"]` — the workspace `./echo` is correctly denied with HTTP 400 and `TOOL_ERROR`.
# Impact
- Operator-triggered execution of attacker-chosen workspace binaries with GoClaw host privileges
- Bypass of exec approval allowlist intended to constrain which commands may run automatically
- Local file access, host network reachability, and compromise of secrets or automation capabilities available to the service account |
|---|
| ソース | ⚠️ https://github.com/nextlevelbuilder/goclaw/issues/1213 |
|---|
| ユーザー | Erichen (UID 98955) |
|---|
| 送信 | 2026年06月12日 10:39 (1 月 ago) |
|---|
| モデレーション | 2026年07月17日 17:57 (1 month later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 379829 [nextlevelbuilder GoClaw 迄 3.13.3-beta.3 exec_approval.go matchesAllowlist/extractBin 特権昇格] |
|---|
| ポイント | 20 |
|---|