dockercraft
command injection is available
Put the following command line in the chat window: /docker pull ;xxxx
xxxx can be executed on the dockercraft server side.
@nyasukun thanks for the report, but I can't seem to replicate the issue.
I've run /docker pull;echo "malicious code" > /go/foo.txt
from the client, but that file doesn't appear on the server.
Can you suggest another example I can try?
@nyasukun @dave-tucker I'm currently working on fixing #12, commands won't be transmitted the same way after that. But we should keep that issue open, we will still have to take care of possible command injection.
@dave-tucker The plugin checks whether it is a docker command by looking at the 2nd arg, and the command line is created as a plus-joined string.
So, to reproduce, the command should be /docker pull<space>;<some_single_command>
This issue is caused by using a shell to contact goproxy. As @aduermael works, it seems to bypass a shell, and this issue will be fixed automatically.
Thanks
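
Added example, not part of the thread and not dockercraft's code: a simplified Go illustration of the root cause named in the last comment, comparing a chat command joined into a shell string with the same arguments passed as a separate argv, plus an allow-list check. `echo` stands in for the real helper binary, the arguments are joined with spaces for simplicity, and all function names and the allow-list pattern are assumptions.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// viaShell mirrors the pattern described in the thread: chat arguments are
// joined into one string and handed to a shell. "echo" stands in for the
// real helper binary (assumption) so the example runs anywhere.
func viaShell(chatArgs []string) (string, error) {
	out, err := exec.Command("sh", "-c", "echo "+strings.Join(chatArgs, " ")).Output()
	return string(out), err
}

// direct passes each chat argument as its own argv entry; no shell parses it.
func direct(chatArgs []string) (string, error) {
	out, err := exec.Command("echo", chatArgs...).Output()
	return string(out), err
}

// safeArg is a hypothetical allow-list for subcommands and image references.
var safeArg = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._/:@-]*$`)

// validate rejects any argument outside the allow-list, as defence in depth.
func validate(chatArgs []string) error {
	for _, a := range chatArgs {
		if !safeArg.MatchString(a) {
			return fmt.Errorf("rejected argument %q", a)
		}
	}
	return nil
}

func main() {
	args := []string{"pull", ";echo", "SECOND-COMMAND-RAN"} // constructed input
	s, _ := viaShell(args)
	d, _ := direct(args)
	fmt.Printf("shell:  %q\ndirect: %q\nvalidate: %v\n", s, d, validate(args))
}
```

With the shell, the `;` ends the first command and a second one runs; with a direct argv the same bytes arrive as one literal argument, and the allow-list rejects them before anything is executed.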