Gửi #855870: louisho5 picobot 0.2.0 Incomplete List of Disallowed Inputs (CWE-184)thông tin

tiêu đềlouisho5 picobot 0.2.0 Incomplete List of Disallowed Inputs (CWE-184)
Mô tả# Technical Details A dangerous-program blacklist bypass vulnerability exists in the `[ExecTool.Execute]` method in `internal/agent/tools/exec.go` of picobot. The application fails to recursively inspect wrapped command dispatch. The blacklist only checks `argv[0]`, so a blocked payload such as `rm` can be hidden behind `/usr/bin/env bash -lc`. The command array `["/usr/bin/env","bash","-lc","rm /abs/path/to/marker.txt"]` passes validation and reaches `exec.CommandContext`, which launches `env`, dispatches `bash`, and executes the prohibited command. # Vulnerable Code File: `internal/agent/tools/exec.go` Method: `ExecTool.Execute` Why: The safety policy inspects only the top-level executable and not nested shell-wrapper execution chains, making the blacklist incomplete and bypassable. # Reproduction 1. Run the supplied harness with a local provider that returns an `exec` tool call containing `["/usr/bin/env","bash","-lc","rm /abs/path/to/marker.txt"]`. 2. Invoke the normal `picobot agent -m` CLI path so the provider tool call is executed. 3. Confirm the marker file is deleted, while the direct control payload `["rm","/abs/path/to/marker.txt"]` is rejected. # Impact - Bypasses Picobot’s intended dangerous-program restrictions for the `exec` tool. - Enables destructive command execution through wrapper-based dispatch under the Picobot process account.
Nguồn⚠️ https://github.com/louisho5/picobot/issues/43
Người dùng
 Eric-h (UID 97582)
Đệ trình11/06/2026 11:27 (cách đây 1 tháng)
Kiểm duyệt13/07/2026 23:12 (1 month later)
Trạng tháiBản sao
Mục VulDB378163 [louisho5 picobot đến 0.2.0 exec Tool exec.go ExecTool.Execute nâng cao đặc quyền]
điểm0

Do you know our Splunk app?

Download it now for free!