제출 #856882: princezuda safestclaw 4.2.4 Incomplete List of Disallowed Inputs (CWE-184)정보

제목princezuda safestclaw 4.2.4 Incomplete List of Disallowed Inputs (CWE-184)
설명# Technical Details A shell allowlist bypass exists in the `ShellAction._validate_command()` method in `src/safestclaw/actions/shell.py` of safestclaw. The application tokenizes the user-supplied command with `shlex.split()` and validates only the basename of `args[0]`. Because `env` is in `DEFAULT_ALLOWED`, a command such as `env bash -c id` passes validation even though `bash` is not allowlisted. The code never inspects or re-binds policy to the effective inner executable, so `ShellAction.execute()` passes the full attacker-controlled argv to `asyncio.create_subprocess_exec(*args)`. # Vulnerable Code File: src/safestclaw/actions/shell.py Method: _validate_command() Why: The method validates only `Path(args[0]).name` against the allowlist, so `env bash -c id` is approved based on `env` alone. The effective inner executable (`bash`) is never checked. # Reproduction 1. Start the SafeClaw web server on the 4.2.4 release. 2. Send `POST /api/message {"text":"shell env bash -c id"}` to the built-in web interface. 3. Observe the response returns `uid=0(root) gid=0(root) groups=0(root)`. 4. Send the control command `POST /api/message {"text":"shell bash -c id"}`. 5. Observe the control returns `Command blocked: Command not allowed: bash`. # Impact - Bypasses the built-in shell executable allowlist. - Attackers can execute denied interpreters by wrapping them with `env`. - Code runs with SafeClaw process privileges, granting access to files, environment variables, and network resources.
원천⚠️ https://github.com/princezuda/safestclaw/issues/59
사용자
 Eric-x (UID 94869)
제출2026. 06. 12. AM 11:52 (1 월 ago)
모더레이션2026. 07. 17. PM 06:13 (1 month later)
상태수락
VulDB 항목379845 [princezuda SafestClaw 까지 4.2.4 Built-in Web Interface shell.py ShellAction._validate_command 권한 상승]
포인트들20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!