🛡️ Sentinel: [CRITICAL] Fix arbitrary command execution via profile configuration #4
…onfiguration Co-authored-by: bitcoiner-dev <75873427+bitcoiner-dev@users.noreply.github.com>
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.
🚨 Severity: CRITICAL

💡 Vulnerability: The application executes `bitcoin-cli` directly via the profile configuration path without verifying the executable name. This allows arbitrary command execution (ACE) if an attacker can manipulate the `profile.bitcoin_cli` configuration parameter (e.g., executing `/bin/sh` or malicious binaries on the system).

🎯 Impact: An attacker who compromises the local configuration file could execute arbitrary scripts with the application's privileges when a user attempts to run commands interacting with the bitcoin node.

🔧 Fix:
- `run_bitcoin_cli` in `src/utils.rs` by removing the unused duplicated version in `src/wallet_service.rs`.
- `src/utils.rs` to strictly allowlist execution of `bitcoin-cli` and `bitcoin-cli.exe` binaries only, regardless of the absolute path specified.

✅ Verification: Verified that tests pass via `cargo test`, code is formatted via `cargo fmt`, and clippy lints run via `cargo clippy`. Verified the fix ensures safe execution for trusted binaries.

PR created automatically by Jules for task 14955262588832582089 started by @bitcoiner-dev
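The file-name allowlist described in the fix, sketched as an added example (not the code from this PR or from `src/utils.rs`). `validate_cli_path`, `CliPathError` and the sample paths are hypothetical. The optional `trusted_dir` check goes beyond what the PR describes: a name-only allowlist accepts any file called `bitcoin-cli` in any directory, so the example also shows pinning the directory.

```rust
use std::ffi::OsStr;
use std::path::{Path, PathBuf};

/// The two file names the PR description allows, whatever directory is configured.
const ALLOWED_NAMES: [&str; 2] = ["bitcoin-cli", "bitcoin-cli.exe"];

#[derive(Debug, PartialEq)]
pub enum CliPathError {
    NoFileName,                 // empty value, or a path ending in ".."
    NotAllowlisted(String),     // final component is some other program
    OutsideTrustedDir(PathBuf), // allowed name, unexpected directory
}

/// Hypothetical helper: accept the configured `profile.bitcoin_cli` value only
/// if its final path component is allowlisted. `trusted_dir` is an assumption
/// added here, not part of the PR; the comparison is lexical (no symlink
/// resolution), so the directory itself must not be writable by others.
pub fn validate_cli_path(
    configured: &str,
    trusted_dir: Option<&Path>,
) -> Result<PathBuf, CliPathError> {
    let path = Path::new(configured);
    let name = path
        .file_name()
        .and_then(OsStr::to_str)
        .ok_or(CliPathError::NoFileName)?;
    // Exact, case-sensitive match: no prefix, suffix or substring matching.
    if !ALLOWED_NAMES.contains(&name) {
        return Err(CliPathError::NotAllowlisted(name.to_string()));
    }
    if let Some(dir) = trusted_dir {
        if path.parent() != Some(dir) {
            return Err(CliPathError::OutsideTrustedDir(path.to_path_buf()));
        }
    }
    Ok(path.to_path_buf())
}

fn main() {
    // Constructed sample values for the profile setting.
    let dir = Path::new("/opt/bitcoin/bin");
    for cfg in ["/opt/bitcoin/bin/bitcoin-cli", "/bin/sh", "/tmp/x/bitcoin-cli", ""] {
        println!("{cfg:?} name-only: {:?}", validate_cli_path(cfg, None));
        println!("{cfg:?} pinned:    {:?}", validate_cli_path(cfg, Some(dir)));
    }
}
```

Validate the value immediately before handing the returned path to `std::process::Command`, so the checked path and the executed path cannot diverge.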