How I fully compromised the "most advanced code execution system in the world"

right now we have Daniel Cooper who will be talking about how I fully compromised the most advanced code execution system in the world let's welcome him to the [Applause] stage hello so um I'll start with a quick introduction I'm I hate introduction so it will be quick um so my name is Daniel Cooper I'm currently a security consultant at Tanto security which is just like the last I know which is why we have similar slides however mine are dark mode so they're instantly better no jokes I love you um I also occasionally play on ctfs for teams such as blitzk and emu exploit um under the username Sparrow so that's enough about me today I want to tell you about a

story so um I have a friend who likes to develop things in his spare time one of the things he is passionate about is competitive programming so one of the things that he wanted to do was make a contest management system so for those that don't know in competitive programming you submit answers to problems which are just programs they take in um input through standard input and output um the answer to the problem given the um provided input and they must do this in a time efficient manner so that um you can prove that you've solved the problem efficiently so once I saw that my friend had make this I was like do I really have anything better to

do than spend time trying to hack my friends apps then I realized the answer was no so I decided to try and look into that and try and find out if there were any security flaws so um when I was looking into it most of the apps source code was pretty secure so I decided to look into some of the supply chain things and in particular I wanted to see how my friend was executing this potentially malicious code on his Services um the way he was doing that was through a Sandbox um called judge zero and so I needed to look into how this works um upon a few quick Googles I found out that it is a fairly popular open source

code execution API um as most people know remote code execution as a service is generally not something you want to make so it makes a lot of sense for software developers to Outsource this to another application um in fact um judge zero is one of the most popular ones because of the fact it is open source um and you don't have to pay to use it in fact it even has a research paper written by the developer of how it is secure however I don't like reading research papers so I didn't read it and instead looked at the code um before we get into the code though I'd like to talk a bit of a high level overview of

how the system works it's pretty simple it has an API you send an API request with something like source code Echo High it will run it it will give you some output with such as standard output is High um and some things such as the time it took um pretty simple except it's not because there are around 80 languages and 30 different options a lot of different complicated things that could potentially introduce security flaws so it is quite an interesting Target so my plan of attack for trying to figure out issues with this system was to find out how judge zero runs the code that I provided I wanted to find out what prevents me from just spawning

a reverse shell I'm completely compromising the system can I read other submissions um files and use that to cheat in a competitive programming contest which um might be used by more sites than just my friend's small website so let's without further Ado let's dive into the code so there are four main Services um a ruon rail server as you can see in the top left a database a reddis q and a worker server um the way it works is first the Ruby on rail server will insert a submission into the data datase then it will add a job to process this submission into the reddis Q the worker um will read from the reddis Q once it

sees a job that is added to the queue and it will retrieve the job info from the database then it will process the job and update the database with the results of the job pretty simple however as I was looking through these Services which were in a Docker compos file I saw that um it had enabled the privilege flag this is immediately a bit of a red flag because um having the privilege flag means that if I can get code execution inside the docker container it's pretty easy to escape onto the root machine that is running the docker container the reason is that privilege allows for Access um to certain files such as the um device files for the dis

of the host system so you can mount the host dis system if you're a root inside the container and then from there you can write malicious cron jobs malicious scripts or just dump all the data on the host system so that was initial red flag but obviously you can't do anything with unless we get remote code execution so the goal became to get remote code execution inside one of these two Services um by the way when I say remote code execution I'm referring to unsandboxed remote code execution sometimes I just want to make that clear so looking through the code I immediately see a massive string that appears to be evaluated inside Ruby backticks this is not good um however uh

I got excited but upon looking into it it seems to be reasonably secure I'll get into that a bit later but the tldr is that it seems to be using this isolate binary which is a Linux binary um to run a submission um isolate when I searched it up is a tool designed for competitive programming competitions and it uses Linux namespaces to separate the different files and processes um used by the system from uh the actual application SCE code so as I do not know anything about Linux sandboxing and Linux uh name spaces I decided hell no I'm reading lots of C source code I I'm not that smart I'm just a small peasant but

um instead I'm going to try and attack the Ruby source code instead because that's something I can read um as a side note one of the developers of the isolate binary did actually say that they don't support security of using isolate within Docker which is what judges does do so if you're smart at this sort of thing maybe it is possible just to straight up break out of the sandbox um beats me anyway the plan is Don't Touch Linux instead look at the floors in the Ruby application so I started scanning for a footh hole one of the things I did see was this weird um G sub so what G sub does is it replaces

this regular expression on the left with the thing on the right which is an empty string so it seems to be removing some parts of a payload and it's writing this to A bash script that's what the second line is with the file door open so perhaps if I could bypass this blacklist which was the characters dollar sign andent semicolon normal bash um special characters I could get around this and potentially run my own code so that's what I did I looked at it for a while and after a bit I found out that if you use the new line character it can actually execute on a separate line which allows you to run a new process

instead of the original line with the prefix which was Python 3 script.py or whatever it was for the um language that you chose so that was a bypass for that and I try this on the remote one by setting the command line arguments flag to have a new line and as you can see it successfully runs the extra command separately as a separate process so I'm like Yay we've won easy remote code execution done pone the system um except I read the source code and found out that the Blacklist is literally pointless it adds zero things to security so then it's like no it's over we have to start from scratch again um the reason it's pointless is because

it's writing to this script however this script is immediately run inside the isolate sandbox so it's being blacklisted but it's also running inside the sandbox um so what is the point of The Blacklist because um it's basically has the same permission as your code in the first place but this actually does come back later so um stay tuned for that this failed um another thing was as I mentioned before we have this command line that is essentially being sent straight into the system um and being run in Shell so what if I inject into one of these parameters let's try it a is not a number okay well it seems like there's some sort of Whit list in this

parameter we can't directly inject shell characters and run a shell command outside of isolate so what is exactly the white list it seems like it has to be a number that is within some sort of range um so this didn't really seem like a potential way to get around this it has to be numeric it seems very strict validation um so this is a fail at this point I'm like okay maybe this thing is secure after or it looks like there are a lot of red flags but maybe not what about this line we have pseudo rm-rf boxer that looks suspicious to say the least in fact one of my um friends pointed out that if boxer happened to be

an empty string this would actually just remove every file in the file system this is run outside the sound box anyway um boxer turns out to be some almost constant string so this won't actually happen but it's sort of fun to think about so what if I could potentially replace some of these files because the sandbox allows me to edit some files within the sandbox including this box directory thing could I replace it with a symbolic link when this pseudo rm-rf is run outside the sandbox maybe this could delete some files on the host system and potentially we could use this as an exploit primitive to do some other things um so I look a bit into what

boxer is what happens is when isolate starts up you give it this double Das init flag it will give you this path which is essentially a shared folder that will be used inside the sandbox we'll go into more detail later but boxer is just a box directory inside the shared sandbox so um I try replacing it turns out rm-rf doesn't follow Sim links to probably no one's surprised because then someone could like give you a zipped folder and then you unzip it and then it has a SIM link to like the root directory you delete it and then it deletes your root system that would be bad um there might be a command line flag that enables following Sim links

but either way judge zero did not do this um so I couldn't get this to work seems like that's a fail as well but I managed to see something that I'm pretty sure could lead to something which is this double Das shareet flag inside of isolate judge zero supports using this flag inside of isolate if you pass the enable Network flag to um judge zero in the API now for those who've done a bit of security this might scream serice side request fory to you and that's what it did to me as well so let's try and see if we can contact some other internal Services inside the docker Network um in fact we have the postr database and the

redus um the redus is obviously a lot easier to Target but if we think about it post rescu actually has a lot more of the data in it so maybe we it'd be worth targeting that as well um risq is essentially all it's doing is just telling the worker which jobs to run so it's not that interesting unless we wanted to run a job twice or something so I came up with a crazy idea before when I pointed out this huge isolate string that we couldn't command inject tube due to extremely strict validations in fact the data type of a lot of these were either string literals which we can't change or integers what if we change one of the integers inside

the database itself to be a string will the application crash hands up if you think the application will crash no one okay well some people um it doesn't Ruby just doesn't care if you have a um well the application didn't care that you are now changing this numerical value into a string and as soon as it becomes a string we can also just change it to have a command injection um inside of it so this works so to summarize what we have is the Ruby on rail server which is running a job and then the job contacts the postcue or database changes the data type of one of the safe integer parameters into a string with a command

injection then once that job is executed it causes a command injection and runs code outside of isolate however to actually create a proof of concept for this I need to write a post SQL communication wrapper um normally you can just do import or pip install some post resl client thing pretty easy um except I realize that we don't have libraries inside of Judge zero so what we do is we Implement all of postgressql from uh source and I spent way too long on this and it turns out there is some random documentation that is hidden on the dark web or the like of how you have to specifically md5 has the password twice and add in some

like random value so that you can get the correct md5 hash when password authenticating and I want to yeah I that's enough said about that but um after we get that working which takes a while we can simply just use dollar sign and brackets to create a command injection insert it into the database and we're good um here is the script in case you haven't noticed there is a for Loop that runs the submit print high 20 times before and after the code you may be wondering what this is for the reason is we need to essentially trigger a race condition here we need to have our code which causes the SSR to occur run before

another job has finished the reason for this is that job needs to execute after the malicious one runs and we can't modify another job that hasn't been created yet so essentially we need to create a big cue of jobs that need to be run and then we can run our malicious job while some other jobs haven't yet run so that's what the um number is it needs to be increased if your system is good 20 is fine for mine however you might be wondering what is this postgressql password well it seems safe because password cannot be blank only used in production it has no default you must set your password except the default is your

password here and I can guarantee you 99% of users do not change it from your password Here 1 2 3 4 because nowhere in the setup guide does it tell you to change this and um most people don't read through every option in the configuration file which is where this is so this would guaranteed work on most people who haven't changed this password which would be most of the users of Judge Z so the three things we need for this to work are we need the postgress co password this will probably just be your password Here 1 2 3 4 we need enable Network to be true but it turns out there's another flag that we need which

is inside the configuration file the same one with the postgress CR password which is we need allow Network to be true with allow Network false the enable Network feature is disabled and it turns out this is actually disabled on the publicly available one which is sad because otherwise I could the publicly available one no I would never do that I'm joking um so this is good we have a vulnerability that works with three conditions however if we want to increase our CVSs score we need it to work with no attack constraints so let's find a better one so back looking at um Sim links again we have another similar RM thing before I talked about Sim links with

rm-rf rm- RF does not follow Sim links seems like a fail however what about this CH own so CH own changes the owner of a file um it turns out that it does behave a bit differently so if you see here we have a file and a Sim link to the file if we remove the sim link it removes the Sim link but if we do the same thing with changing the owner it actually changes the owner of the file instead of the Sim link this is quite interesting um especially since if you add the recursive flag it actually changes the owner of the Sim link which is sort of the opposite of what you'd expect um

which causes me huge headache when creating these slides because I accidentally used the r flag and then was wondering why they patched my exploit but um I don't want to talk about it so can we change the owner of arbitrary files using this what we could do is if we look back at the um code again if we change the Run script which is another file inside the shared folder to be a Sim link to a file on the host machine when this line is run which will be run outside the sandbox it should change the owner of our Sim link and follow the Sim link and change the owner of any file we want on the host

machine so that's what we tried and it worked and I was like this is great because what we can do is change the owner of our root owned file to our current user which is run as a low privilege user um however what I didn't realize was that a low privilege user was only used in the development environment in production everything is run as root which is Cano intuitive again but who knows um the problem with any everything running as root is root can access everything so it doesn't matter we can't denile a service by changing the owner of a file and also we're changing the owner from root to root because everything's just owned by root so it essentially does

nothing so this seems like a fail as well oh well Moving on but as I was doing this and looking for ways that changing the owner of a file could change um could follow Sim links I was like wait a second maybe Ruby fil to open follow Sim Links of course Ruby fil to open open SIM links it is just opening a file which would follow a Sim link and in fact we have file to open right here in this file to open run script the same thing that I was staring at ages ago when I was trying to find a bypass for The gsub backlist Blacklist sorry um so what if we replace this run

script with a Sim link will it write to any file on the file system at the time of this running so I realized I've been talking a lot about Sim link inside box something or other very complicated so uh that's a lot to take in so what I've done is I've made an animation which can actually help us visualize and hopefully this works let's find out if it works so I'm going to step through this a bit this is the normal workflow so this will represent the Ruby API server this is the isolate binary which is stored at the path user local bin isolate on the host so what we do is we first run isolate

with the inip flag this will set up our shared folder um this will create two subdirectories inside the shared folder um one will be called box and one will be called temp um uh sorry to clarify these two folders will be created by the Ruby process itself but um they're not too important for our cases then Ruby will create the submission file in inside the um shared folder so in this example we're going to be talking about a c workflow so we can just see what compiling the source code actually looks like as well so we're going to be creating a file called main.c here um and we'll be compiling this so to do that Ruby will create

another file called compile Dosh in the same directory in the Box directory it will contain something like GCC compile ARS main.c um just have

so now as we know compiling things can sometimes have side effects so it's good to enable the sandbox before doing that judge zero follows this so we'll enable the sandbox and run the compile script which produces the compile binary a. out now what we're going to do is disable the sandbox again we'll create a run script which will call runsh and it will essentially have a. out plus any user applied command line arguments which is the thing that is g subed as we talked about before with The Blacklist then we are ready to finally run our program so this will be the point where the timing starts we'll enable the sandbox we will run the run.

sh script and it will produce the output um and also we'll be able to time how long that took after this sbox is disabled and we change the owner remove remove it remember this is where our changing the owner vulnerability occurred because we're changing theer of runsh which could be changed by the application as it is in the controlled sandbox to point to somewhere else so that will clean that up then some other stuff happens but it's not really too important so hopefully that clears up what is happening so what happens if as an attacker we replace runsh so we'll go through the first part again everything gets set up we write the source file as

previously except this time we use new line injection new line injection with the guub the G sub blacklist is also applied to the compiler arguments which are inserted here so we can use this to insert a new line and a comment at the end and add in some malicious code so our code will be to create a Sim link called runsh which points to user local bin isolate now we'll compile the file but what it's just doing is running compile Dosh which creates our Sim link as mentioned earlier this happens inside the sandbox now Ruby will try and do the same thing it did before which is writing the Run script um to runsh except this time it

already exists Ruby doesn't expect this it still opens it as usual and writes to it but this is a Sim link and as the sandbox isn't enabled it will evaluate it and overwrite use a local bin isolate so through this method um this file will be written to use local bin isolate now if we were to create another submission at this point it would call user local B isolate as it did at the start except this time it is replaced with our script which we uh specified here is where is it a. out and we have another new line injection in the script which runs some malicious code so that's how we can get our reverse shell

so that's how we can get code execution and we essentially all we need to do is just control command line and compile time arguments um to actually get the final step we just need to change these uh command line arguments supplied which will be in this case I put in uh curl host. do. internal just to connect to my list to see if it worked and it works if we want to run a more complex payload remember the command line arguments are essentially where our payload goes we need to bypass The Blacklist if we want to run a more complex thing such as a reverse shell which might have some of these bad characters it turns out a lot of

characters are still not applied to The Blacklist so if we run python 3-core import os. system that is completely fine by The Blacklist and then I can add by stop from hex to hex decode something and that will allow me to execute any system command the command I want to execute will be encoded in HEX which is all allowed characters so now I can completely be free to run whatever code I want on the docker container and from there it's trivial to mount the host disc and Achieve execution on the host itself the attack surface of this is quite large this is the judge zero IDE which is just a publicly available website you can

just go like id. judge zero.com you can change the command line arguments and the compile time arguments here so because it lets you change it you could pone this system just by doing this it's patched now so don't try it well you can if you want I guess so this is obviously quite bad I decide at this point I need to report this however what if the author of Judge zero just decides okay this person added in a couple of new lines and managed to uh exploit my system what if I just add a new line to the G sub thing and then fix it this isn't the root cause the root cause is that we are writing to a Sim link so I

thought it would be better if I made an exploit that worked without abusing the new line primitive um the new line exploit then I could report the issu separately so to create an exploit that doesn't require the new line we used it twice we used it once in the compile time arguments we used it one in the command line arguments both of these need to be handled separately so for the first one compiling the reason we had it was so that we could Create a Sim link that that will be written to when the runsh happens however it doesn't need to be created at the compilation stage it just has to be created before the runsh file

is written and it turns out there's another stage that I've been neglecting up to this point which was that judge zuro allows you to upload a zip file initially I was thinking oh zip slip we can just put dot do slash inside the zip file entry and overwrite an arbitary file on the host um this doesn't work because the zip file unzip is run inside the sandbox as well which is good however we can still put SIM links inside of zip files if you don't know that then now you do so what we'll do is we'll just create a zip file and upload it and put user local bin isolate as the path in our ZIP file so it will

essentially achieve the same result of creating a runsh Sim link without using the new line injection the compile time arguments now that sorted we need to find a way to do it with the command line arguments maybe we could add something like- C in Python which executes the supplied python code and that would be able to execute our Shell Code or our Command sorry but it turns out that most programming languages which use interpreters which would allow this actually treat this as arguments to the interpreted program unless you put this command before the thing itself so for example here we have python 3-c print pone script.py that works because- Z is beforehand but if we put it

afterwards - c is passed into the script itself and it doesn't work um I couldn't find a language that easily allows you to get around this um as a side note you might be wondering we control script.py right why can't we just put some our reverse sh on script.py the reason is we override user um local bin isolate and when it is executed our current working directory is different so script.py will actually not load the correct script and we can't really control what script it loads so that Line's always going to fail the reason that the new line worked originally was because bash doesn't stop executing if a command fails so even though Python 3

script.py or whatever um command ran in the wrong working directory it failed our next line with the new line injection would still work however as I looked through the list of languages which is massive I found this uh that SQL light was there which go figure imagine writing a competitive programming solution in SQL um some people would feel different um so anyway SQL has this flag called- CMD and it what its label is is run command before reading standard input and if you see up here this run command is to cap the script and then pipe it into SQ light with a

database so what's actually going to happen is this isn't going to work because script. SQL isn't going to be the correct um working directory but because this command runs before reading standard input it actually doesn't care that it's receiving zero standard input and is going to error out so this works perfectly um we can add- CMD at the end and it will execute some SQL commands which doesn't seem like much um without using the new line injection outside of the sandbox and SQL conveniently has this um way to execute system shells from SQL why did they add that I don't know and it's just do shell and then your command so here's the final exploit which just puts all this

together creates the zip file with the SIM Link in it and it creates the python encoded um payload and it uses SQL light to execute without um when uh running the user local bin isolate which gets overridden so I'm going to give a live demo it's going to go wrong but I have a video back up so it's all good um so here is my terminal so the first thing I'm going to do is show you what the first script is so this is just going to start judge zero version 1.13.0 so let's do that while that's going I have two other things wow this is zoomed out so this is just a normal netcat listen on Port

90001 and so we'll start that listening and the other script is the exploit that I just showed above um in the slides which is just create the zip file and execute it this time I've replaced my payload with a simple bash reverse shell so if we run this it should go ch ch ch and then we get a reverse shell connection inside the docker container as rout thank you thank you so we're not done yet because if we LS the dev and we oops I this terminal is cooked [Music] this is actually my host hardk so uh o should I try and demo this yeah why not so if I create a mount point and then I mount sure why not

this um into ASD this is my windows partition L I didn't expect this happen but as you can see I can read data on the host of the machine which is completely bypassing the normal safety guarantees that you get from using Docker so we managed to completely if if someone was running judge zero and a heap of other stuff we'd compromise all of it we'd get root access on the remote Machine by just writing a Chron job or a script okay live demo worked y so back into [Applause] reporting so um they didn't have a vulnerability reporting process at the time that I um found this but the guy who develops judge zero this guy is a really nice guy and it was

actually pretty seamless even though there wasn't already one um set up so I'll walk you through how it went firstly I sent an email to contact judge zero.com and said hi I found a security issue where can I report this and he responded pretty much like an hour later oh sorry not an oh yes an hour later and asked me to reply however Gmail thought it was a good idea to send this reply to spam so I never realized I had it another thing I tried was sending a message over Discord and he replied on there too and luckily Discord doesn't send messages to spam so I was able to send him my proof of concept at this

point he started panicking and he sent me an email asking if I'd compromised his Services which I hadn't luckily um and after I'd explained it all he um got me to walk through the vulnerability he created a fix for it and organized a call so this was pretty much one of the fastest turnarounds well I mean there have been faster but it was really good and we did have the call although it wasn't at midnight which this one was um he's lives on the other side of the world so it's a bit awkward but the way we wanted to go through and get cves for this is GitHub has this security page which you may or may not know about if

you go there and it doesn't have a security policy and you're the owner of the repo you can set up a security policy and then you can um allow people to submit things um advisories then you can approve them and you can request a cve through GitHub which is really nice CU you don't have to go fill out that form that is really old um so I got two CVS for the ssrf and the sandbox Escape however we aren't done yet because we need to look at what the actual fixes were for these issues so let's see the commit history create security. MD yep seems about right update version seems about right use user judge zero so

I was a bit confused by this because I expected something more along the lines of prevent system from using Sim links when using Ruby file to open a bit verose I know but still anyway I get onto the system and I all I find out is that the user that Ruby is being run at is now judge zero user it is no longer root is a low privilege user which means that we cannot no longer overwrite user local bin isolate because our arbitrary file right is now only limited to files that we have permission to overwrite as the Ruby process however if you have a Keen Eye you may have noticed that one of these folders is not owned by root

and is also owned by the same user that we are running at which is Judge zero it's this one here it's the temp folder inside the API um root directory so what's inside this folder I decided to take a look looks like there's a few interesting things cach environment pids restart. txt I grep for some some of these keywords inside the source code and I find out that environment is being run as a bash script every 12 minutes so essentially all I have to do to fix my exploit is overwrite this script instead and every 12 minutes it will be run that's what I thought except it turns out that um Herman had accidentally broke the Chron tab when he

changed to the user judge zero because um Chron tab needs to be started as root so I asked him to fix that um so that I could get my vulnerability to work but I also I'm just uh joking I told him about the vulnerability as well and he fixed that very quickly as well which I'm very appreciated of of and here's the commit however up until this point I've been relying on all the different things as I get more knowledge of um judge Zero's internal source code to chain together different tricks that can be used to do it and there's one thing that I figured out before that I thought had no impact but now very realistically has impact

and if you can guess it then good job I'm not going to let you try though um it was the change owner vulnerability so if you remember this vulnerability allowed me to change the owner of any file to the current user however it was useless because everything was run as root however no longer are everything run as root now things are run as judge zero which means we effectively have a um primitive which allows me whoopsie to change any file to our current user which which we can then overwrite again so if we I love my little animation so we'll show another animation if it decides to load there um okay so first part is all the same again

Cho ch ch up until the end where we remove the sim link so uh the compiled binary this time contains some code which replaces runsh while it is being run and now it replaces it with a Sim link to use a local bin isolate now as mentioned before we're going to change the owner of the Sim link and remove it as a cleanup step this time what it's going to do is um change the owner of the Sim link but instead change the owner of USE local bin isolate and now if we run the entire exploit the previous one all over again isolate is now owned by our current user so it's completely fine for us to change

the data inside of it to a reverse shell payload also I believe the judge zero user has plenty of ways to get to rout so it's not a problem for mounting the host dis again so once I submitted that that was another CV and it was fixed as well um for as a side note the way it was fixed was just changing more files to be owned by root um I did speak to Herman cuz I believe that changing the way that the Sim links are handled in the source code would be a better way of fixing this but he said that it's better to just patch it like like this because the source code has been left for a while and will

probably break if he changes too much stuff which I think he found out the hard way of the Chron tab anyway so future research points um so I moved on to other things now but sometimes uh I do think about where I would go if I came back to this so This exploit is quite nice in that probably a lot of people didn't update their judge zero so it would probably still have impact in the real world um for a lot interview platforms and things like that that use judge zero um however a lot of platforms such as this all they do is they let you edit the code that you're submitting to the platform they don't let you change the

command line arguments or the compile arguments um or upload a zip file as we use to upload um The Sim link um without a new line injection so I was wondering if there was a way for me to exploit this only by changing the source code the exact same vulnerability so what we'd need to do is Create a Sim link compile time so that we can create runsh that points to user local B isolate um I looked at some languages that allow you to do things while um it compiles so rust allows you to run like procedural macros while it's compiling but it turns out that you need another compiled um binary for the procedural

macro to compile correctly and I'd need a multifile project to do that and then we've come full circle because we need a supply zip file again um even even if we were able to create a uh side effect oh wait one more thing I did try was there was a thing called CV RS which some of you might have heard of that lets you do buffer overflows and stuff in Rust I tried to get this to work but it seemed like most of the available proof of Concepts were simply using um the run time of the rust thing to cause the buffer overflow and I need this to happen when the binary is compiled so I wasn't able to

get that to work either but if you're a big rust nerd maybe you could do that um I know you're out there so uh we also even if we were able to create this Sim link the thing that we're written the only part that we control is the command line arguments and this is directly taken from the um Json fields of the request so I couldn't really think of an easy way to manipulate the output of the file to get code execution there are a lot of languages and each language does have these different things that you will write at the start like Python 3 script.py for python for example but um it doesn't seem very feasible at all

um yeah I have finished extremely early whoops talk too fast but more [Applause]

questions do we have any questions in the

audience um not sure if uh you're the right person to ask ask uh but from the blue side of uh things uh for platforms that um providing application run time what would be good uh practices to mitigate this kind of attacks or maybe spot them yep so I believe the question was um if I was with these types of um code execution systems how would I mitigate these problems so I believe the problem with this program wasn't using to do with isolate I think that the isolate was mostly sound apart from the disclaimer that I said about using doco with isolate the main issue was that it was sort of turning the sandbox on and

off again and doing all the different bits in between what would be good is if it didn't really ever touch the sandbox from the Ruby code um after it had set it up and torn it down because then there's no chance for you to sort of change things in between and add Sim links and stuff like that and also when removing it making sure not to deal with these Sim links cuz most of the vulnerabil were just directly to do with the use of sim links ins say these things so if for example um it was set up the sandbox and wrote compile sh and runsh immediately um then we would never be writing to these files um so it

wouldn't we wouldn't be able to change it to a Sim link because none of the user Supply code hasn't run yet um but when we uh do run it uh if it's Chang it doesn't really matter because it's already inside the sandbox um yeah yeah cool there any other

questions uh one at the front over here hello lovely talk um so when you got downgraded to judge Z so you're unprivileged so you go back to use the Chone to like be able to um modify isolate isn't it like Chone and RM so does the like RM does that remove isolate and does that cause any issues or am I just misunderstanding what happens there that is a good question thank you um I'm actually not sure why that happened because I just did it and it worked so I think it might be to do with the owner of the directory still being root it might not be possible to remove the file but I feel like it should still be able

to remove the file um I did sort of simplify things a bit here though I didn't actually Target isolate because targeting isolate when and changing the earner of isolate actually causes the application to crash in such a way that it never executes isolate um it's to do with because of the fact isolate was set you ID and needed to do something um so I ended up targeting the remove binary like the standard Linux remove binary and I think oh yeah that's actually why it worked because I replac the remove binary it wouldn't um actually run remove it would actually just execute my payload so yeah that's the answer and I just figured that out just but that wasn't on purpose

[Applause] either if there are no other questions let's thank Daniel one more time [Applause]