ArduPilot / ardupilot

ArduPlane, ArduCopter, ArduRover, ArduSub source
http://ardupilot.org/
GNU General Public License v3.0

MAVFTP: Appears to be dangerous 👨‍💻🕵🏻‍♂️👾 #23339

Open patrickelectric opened 1 year ago

patrickelectric commented 1 year ago

Bug report

While working to implement mavftp support in rust-mavlink and in mavlink2rest to access the filesystem with a REST API... I found out that MAVFTP has access to the entire file system if you are running under Linux, including SITL.

Issue details

The binary has access to .., and everything beyond that!

So.. If you are running ArduPilot on a Linux board, and using it as root to access the hardware interfaces like i2c, spi, or mem files for GPIO, you could use MAVFTP to replace ssh key files, binaries and systemd configuration files to run exploits and more.

Version: Currently master.

Platform

Airframe type: All

Hardware type: Linux

Logs: Nope
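A lexical path-confinement check of the kind a fix for this report would need, added here as an illustration; it is not code from the ArduPilot project. The root directory `/APM`, the function name `confine_to_root` and the sample request paths are constructed for the example. Every request is resolved relative to the configured root, and any `..` that would climb above it is refused:

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Constructed example value: the directory the file-transfer handler is
// allowed to serve. Not an ArduPilot constant.
static const std::string kFtpRoot = "/APM";

// Resolve `requested` lexically against `root`, writing the confined path
// to `out`. Every request is treated as relative to the root, so a leading
// "/" does not reach the real filesystem root, and any ".." that would
// climb above the root is rejected. Returns false when the path is refused.
bool confine_to_root(const std::string& root, const std::string& requested,
                     std::string& out)
{
    // An embedded NUL would truncate the path once it reaches a C API.
    if (requested.find('\0') != std::string::npos) {
        return false;
    }

    std::vector<std::string> parts;
    std::istringstream in(requested);
    std::string seg;
    while (std::getline(in, seg, '/')) {
        if (seg.empty() || seg == ".") {
            continue;                  // "//" and "." change nothing
        }
        if (seg == "..") {
            if (parts.empty()) {
                return false;          // would escape the root
            }
            parts.pop_back();
            continue;
        }
        parts.push_back(seg);
    }

    out = root;
    for (const auto& p : parts) {
        out += '/';
        out += p;
    }
    return true;
}

int main()
{
    // Constructed sample requests of the kind a client could send.
    const char* samples[] = {
        "logs/00000001.BIN",
        "/scripts/./hello.lua",
        "../etc/passwd",
        "logs/../../root/.ssh/authorized_keys",
        "a/../b",
    };
    for (const char* s : samples) {
        std::string resolved;
        if (confine_to_root(kFtpRoot, s, resolved)) {
            std::cout << s << " -> " << resolved << '\n';
        } else {
            std::cout << s << " -> REJECTED\n";
        }
    }
    return 0;
}
```

A lexical check only covers the path string itself: a symlink inside the served directory can still point outside it, so a real handler should also resolve the final path (for example with `realpath`) and re-check the root prefix before opening, or open with flags that refuse to follow symlinks. Running the vehicle process with the least privilege the hardware interfaces allow limits what a traversal can reach even if the check is bypassed.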

khancyr commented 1 year ago

That is wonderful! We can now modify the full filesystem with Mission Planner! ;-P

But yes, would need to be fixed...