Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security problem with Jobe #50

Closed
thopd88 opened this issue Jun 6, 2021 · 1 comment
Closed

Security problem with Jobe #50

thopd88 opened this issue Jun 6, 2021 · 1 comment

Comments

@thopd88
Copy link

thopd88 commented Jun 6, 2021

Language selected: Python3
source code:

a = eval(input())
print(a)

payload:
__import__('os').popen('ls /').read()

This will show up root directory
@trampgeek
Copy link
Owner

This is not a security flaw. Jobs running on the Jobe server have roughly the same rights as any non-privileged user would have who is logged on to the server, except that they have no home directory and have limits on their use of CPU time, memory and disk output. Read-only access to the root directory isn't a problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@trampgeek @thopd88