Skip to content

Commit

Permalink
vdk-audit-plugin: expand forbidden events list (vmware#1683)
Browse files Browse the repository at this point in the history 
Added additional events to the forbidden events list.

Both `os.spawn` and `subprocess.run` are used to start new processes.
The users are able to execute a shell command that contains malicious
code.

E.g. 
```
subprocess.run("mkdir ./{0}".format(dirs),shell=True, capture_output=True)
```

Signed-off-by: Miroslav Ivanov miroslavi@vmware.com

---------

Signed-off-by: Miroslav Ivanov miroslavi@vmware.com
  • Loading branch information
@mivanov1988
mivanov1988 authored Mar 10, 2023
1 parent fd53929 commit e4e612d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion projects/vdk-plugins/vdk-audit/src/vdk/plugin/audit/audit_config.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@
"os.forkpty;os.getxattr;os.kill;os.killpg;os.link;os.listxattr;"
"os.lockf;os.posix_spawn;os.putenv;os.removexattr;os.rmdir;"
"os.scandir;os.setxattr;os.spawn;os.startfile;os.symlink;"
"os.truncate;os.unsetenv;os.utime;pty.spawn"
"os.truncate;os.unsetenv;os.utime;pty.spawn;os.spawn;"
"os.posix_spawn;subprocess.run"
)


Expand Down

0 comments on commit e4e612d

Please sign in to comment.