While working to implement mavftp support in rust-mavlink and in mavlink2rest to access the filesystem with a REST API... I found out that MAVFTP has access to the entire file system if you are running under Linux, including SITL.
Issue details
The binary has access to .., and everything beyond that!
Soo.. If you are running ArduPilot on a Linux board, and using it as root to access the hardware interfaces like i2c, spi, mem files for GPIO, you could use MAVFTP to replace ssh file keys, binaries and systemd configuration files to run exploits and more.
Bug report
Version Currently master.
Platform
Airframe type All
Hardware type Linux
Logs Nops
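The report above comes down to client-supplied paths not being confined to a base directory. The following C++17 example is added here and is not ArduPilot or rust-mavlink code; `confine`, `make_demo_root` and the directory layout are hypothetical names and constructed sample data showing one way a file-transfer handler can reject `..`, absolute and symlink escapes.

```cpp
#include <algorithm>
#include <filesystem>
#include <fstream>
#include <iostream>
#include <optional>
#include <string>
#include <system_error>

namespace fs = std::filesystem;

// Hypothetical helper (not an ArduPilot function): map a client-supplied
// path onto `root` and return it only if it still lies inside `root`.
std::optional<fs::path> confine(const fs::path& root, const std::string& requested) {
    std::error_code ec;
    const fs::path base = fs::canonical(root, ec);   // root must exist
    if (ec) return std::nullopt;
    // Absolute client paths are re-rooted: "/etc/passwd" -> "<root>/etc/passwd".
    const fs::path rel = fs::path(requested).relative_path();
    // Resolves symlinks in the existing prefix, then collapses "." and ".."
    // lexically, so targets of not-yet-created files are handled too.
    const fs::path full = fs::weakly_canonical(base / rel, ec);
    if (ec) return std::nullopt;
    // Component-wise prefix test; a string prefix would accept "<root>-evil".
    if (std::mismatch(base.begin(), base.end(), full.begin(), full.end()).first
            != base.end()) return std::nullopt;
    return full;
}

// Constructed sandbox for the demo: <tmp>/mavftp_demo/root with one log file
// and a symlink that points outside the root.
fs::path make_demo_root() {
    const fs::path top = fs::temp_directory_path() / "mavftp_demo";
    fs::remove_all(top);
    fs::create_directories(top / "root" / "logs");
    fs::create_directories(top / "outside");
    std::ofstream(top / "root" / "logs" / "1.bin").put('x');
    fs::create_directory_symlink(top / "outside", top / "root" / "escape");
    return top / "root";
}

int main() {
    const fs::path root = make_demo_root();
    for (const char* p : {"logs/1.bin", "logs/new.bin", "../outside/x",
                          "logs/../../outside/x", "/etc/passwd", "escape/x"}) {
        const auto ok = confine(root, p);
        std::cout << p << " -> " << (ok ? ok->string() : "rejected") << "\n";
    }
}
```

The check and the later open are separate steps, so a path component swapped in between can still escape; on Linux, `openat2()` with `RESOLVE_BENEATH` enforces the same rule at open time.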