V: os.cp is exploitable

Created on 3 Nov 2019 · 3 Comments · Source: vlang/v

It just uses os.system("cp loc dest");

So, if you use os.cp(". ; <command>", "." ) you could execute any code.

Bug Confirmed

All 3 comments

Yes, it's a temporary solution until a real os.cp is implemented for non-Windows systems.

I've just banned ; and && in exec/system, so this particular exploit won't work anymore.

On iOS/macOS there's a syscall to do this:

if $darwin {
  copyfile(...)
}

Fixed.
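
The difference between the reported pattern and a shell-free copy, as an added example that is not part of the original thread and not V's own code: `build_cp_command` reconstructs the string concatenation described in the report (the exact format is an assumption), and `copy_file` is a hypothetical POSIX replacement that passes the paths straight to `open(2)`, so a `;` in a file name is only data and no character filtering is needed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Reconstruction of the reported pattern (assumed format): the paths are
   pasted into a shell command line, so the shell parses them as syntax.
   The string is only built here, never executed. */
int build_cp_command(char *out, size_t n, const char *src, const char *dst) {
    return snprintf(out, n, "cp %s %s", src, dst);
}

/* Shell-free copy (hypothetical helper): the paths are handed to open(2)
   as-is and are never parsed. Returns 0 on success, -1 on any error. */
int copy_file(const char *src, const char *dst) {
    char buf[4096];
    ssize_t n = 0;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    int out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0) {
        ssize_t off = 0;
        while (off < n) {                       /* handle short writes */
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0) { n = -1; break; }
            off += w;
        }
        if (n < 0) break;
    }
    close(in);
    if (close(out) < 0) n = -1;                 /* report deferred write errors */
    return n < 0 ? -1 : 0;
}

int main(void) {
    char cmd[256];
    /* Input taken from the report; "<command>" is the report's placeholder. */
    build_cp_command(cmd, sizeof cmd, ". ; <command>", ".");
    printf("string handed to the shell: %s\n", cmd);
    /* Same input, no shell: there is no file with that name, so it just fails. */
    printf("copy_file on the same input: %d\n",
           copy_file(". ; <command>", "/tmp/cp_demo_out"));
    return 0;
}
```
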
