diff --git a/src/bigbrother/__init__.py b/src/bigbrother/__init__.py
index 0412440c..c8250ad7 100644
--- a/src/bigbrother/__init__.py
+++ b/src/bigbrother/__init__.py
@@ -38,6 +38,8 @@ def sys_hook_entrypoint(event, info):
 elif event == 'exec':
 # logs and block both exec and eval
 ministry.ofexec.block_exec(event, info)
+ elif event == 'system':
+ ministry.ofexec.block_system(info)
 def enable_ministries(disable_hooks: Iterable = []):
diff --git a/src/bigbrother/ministry/ofexec.py b/src/bigbrother/ministry/ofexec.py
index dbdbbf9d..b2ec6a68 100644
--- a/src/bigbrother/ministry/ofexec.py
+++ b/src/bigbrother/ministry/ofexec.py
@@ -1,9 +1,10 @@
 """
 Onionr - Private P2P Communication
- Prevent eval/exec and log it
+ Prevent eval/exec/os.system and log it
 """
 import base64
+import platform
 import logger
 from utils import identifyhome
@@ -24,12 +25,30 @@ from onionrexceptions import ArbitraryCodeExec
 """
+def block_system(cmd):
+ allowed = 'taskkill /PID '
+ is_ok = False
+ if platform.platform == 'Windows':
+ if cmd.startswith(allowed):
+ for c in cmd.split(allowed)[1]:
+ if not c.isalnum() or c not in ('/', 'F', ' '):
+ break
+ else:
+ is_ok = True
+ if not is_ok:
+ logger.warn('POSSIBLE EXPLOIT DETECTED, SEE LOGS', terminal=True)
+ logger.warn(f'POSSIBLE EXPLOIT: shell command not in whitelist: {cmd}')
+ raise ArbitraryCodeExec('os.system command not in whitelist')
+
+
 def block_exec(event, info):
- """Prevent arbitrary code execution in eval/exec and log it"""
+ """Prevent arbitrary code execution in eval/exec and log it
+ """
 # because libraries have stupid amounts of compile/exec/eval,
 # We have to use a whitelist where it can be tolerated
 whitelisted_code = [
 'netrc.py',
+ 'shlex.py',
 '',
 'werkzeug/test.py',
 'multiprocessing/popen_fork.py',
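Review bot: The new branch tests `event == 'system'`, but the audit event that `os.system` raises is named `os.system` (with the hook's second argument being the tuple `(command,)`), so as far as this hunk shows the branch never fires and `os.system` is not blocked at all; the neighbouring `exec` branch matches its real event name, which makes the mismatch easy to miss. Because `info` is the argument tuple rather than the command string, `block_system(info)` would also fail on `cmd.startswith` once the branch is reached. I would change the two added lines to `elif event == 'os.system':` and `ministry.ofexec.block_system(info[0])`, and add a comment naming the audit event so the next reader can check it against the `sys.addaudithook` docs. `sys_hook_entrypoint` starts before the hunk.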
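Review bot: `block_system` can never set `is_ok`, so every `os.system` call is rejected, including the taskkill invocation the allow-list is meant to admit: `platform.platform == 'Windows'` compares a function object with a string and is always False, and even with the intended `platform.system()` check the loop condition `not c.isalnum() or c not in ('/', 'F', ' ')` breaks on the first PID digit because a digit is alphanumeric but not in the tuple. Failing closed is the safe direction, but it turns the allow-list into dead code and fires the exploit warning on the legitimate call. I would rewrite the check as below, restricting the tail to digits plus the `/F` flag since a PID is numeric, and leave the two `logger.warn` lines and the `raise` unchanged. The `'shlex.py'` entry added to `whitelisted_code` in the same hunk widens the exec allow-list and deserves a one-line comment naming the shlex code path that needs it.
```python
def block_system(cmd):
    """Raise ArbitraryCodeExec unless *cmd* is an allow-listed Windows taskkill call."""
    allowed = 'taskkill /PID '
    is_ok = False
    # platform.platform is a function; platform.system() returns the OS name
    if platform.system() == 'Windows' and cmd.startswith(allowed):
        tail = cmd[len(allowed):]
        # PID is numeric; only the '/F' flag (and separating spaces) may follow it
        is_ok = bool(tail) and all(c.isdigit() or c in ('/', 'F', ' ') for c in tail)
    # … unchanged: warn and raise ArbitraryCodeExec when not is_ok …
```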