staticassertion 9 hours ago

What if you wrote something more like:

    # terrible code, never use ty
    import os

    def cleanup(dir):
        os.system(f"rm -rf {dir}")


    def main():
        work_dir = os.environ["WORK_DIR"]
        cleanup(work_dir)

and then due to a misconfiguration "$WORK_DIR" was truncated to be just "/"?

At what point is it negligent?

direwolf20 9 hours ago | parent [-]

This is not hypothetical. Steam and Bumblebee did it.

extraduder_ire 9 hours ago | parent | next [-]

That was the result of an additional space in the path passed to rm, IIRC.

Though rm /$TARGET where $TARGET is blank is a common enough footgun that --preserve-root exists and is default.

niyikiza 8 hours ago | parent | next [-]

You'd be surprised to see how often we're seeing those types of semantic attack vulnerabilities in Agent frameworks: https://niyikiza.com/posts/map-territory/

cyberax 7 hours ago | parent | prev [-]

Even better, $TARGET might be "/home/user/documents and settings /bin"

a_t48 8 hours ago | parent | prev [-]

Bungie, too, in a similar way.
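
An added example, not part of any comment in this thread: a Python cleanup that validates its target before deleting, covering the truncated "/" value, the blank variable and the embedded-space path raised above. The names `safe_cleanup`, `allowed_base` and `UnsafeCleanupError` are hypothetical, and the sample paths are constructed inside a temporary directory.

```python
import shutil
import tempfile
from pathlib import Path


class UnsafeCleanupError(Exception):
    """The cleanup target failed validation; nothing was deleted."""


def safe_cleanup(raw: str, allowed_base: Path) -> Path:
    """Delete the directory named by raw only if it lies strictly inside allowed_base."""
    # An unset or truncated variable tends to arrive as "" or with stray whitespace.
    if not raw or raw != raw.strip():
        raise UnsafeCleanupError(f"empty or whitespace-padded path: {raw!r}")
    base = allowed_base.resolve(strict=True)
    try:
        target = Path(raw).resolve(strict=True)  # follows symlinks, requires existence
    except OSError as exc:
        raise UnsafeCleanupError(f"cannot resolve {raw!r}: {exc}") from exc
    # Strict containment rejects "/", the base itself and anything outside it.
    if base not in target.parents:
        raise UnsafeCleanupError(f"{target} is not inside {base}")
    if not target.is_dir():
        raise UnsafeCleanupError(f"{target} is not a directory")
    # No shell is involved, so a space in the path cannot split into extra arguments.
    shutil.rmtree(target)
    return target


def demo() -> dict:
    """Run constructed inputs against a throwaway base directory and report outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "work"
        spaced = base / "job 1"  # constructed directory name containing a space
        spaced.mkdir(parents=True)
        (spaced / "scratch.txt").write_text("x")
        cases = {"root": "/", "empty": "", "base": str(base),
                 "split": str(spaced) + " /bin", "ok": str(spaced)}
        for label, raw in cases.items():
            try:
                safe_cleanup(raw, base)
                results[label] = "deleted"
            except UnsafeCleanupError:
                results[label] = "refused"
        results["target_gone"] = not spaced.exists()
        results["base_survives"] = base.is_dir()
    return results


if __name__ == "__main__":
    print(demo())
```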