rogalmic / vscode-bash-debug

Bash shell debugger extension for VSCode (based on bashdb)
MIT License

Cryptographic Failure via escaped character #167

Open S0GDevs opened 2 years ago

S0GDevs commented 2 years ago

Executables

Version of bash-debug: v0.3.9

Output of the following commands:

bash is /usr/bin/bash
bash is /bin/bash
code version : 1.68.0 x64
Linux 0 5.17.0-kali3-amd64 #1 SMP PREEMPT Debian 5.17.11-1kali1 (2022-05-30) x86_64 GNU/Linux
---
/usr/bin/bash
/bin/bash
GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
---
bash: line 1: bashdb: command not found
---
/usr/bin/cat
/bin/cat
cat (GNU coreutils) 8.32
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Torbjorn Granlund and Richard M. Stallman.
---
/usr/bin/mkfifo
/bin/mkfifo
mkfifo (GNU coreutils) 8.32
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by David MacKenzie.
---
/usr/bin/pkill
/bin/pkill
pkill from procps-ng 3.3.17

Debug output

My launch.json:

{
    "version": "1.0.0",
    "configurations": [
        {
            "type": "bashdb",
            "request": "launch",
            "name": "Escaped Bash-Debug",
            "program": "${file}",
            "terminalKind": "integrated",
            "linux": {"env": {";sudo" : "-i"}}
        },
        {
            "type": "bashdb",
            "request": "launch",
            "name": "Simple Bash-Debug",
            "program": "${file}",
            "terminalKind": "integrated",
            "linux": {"env": {"sudo" : "-i"}}

        }
    ]
}

Details

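Escaping a character in the Linux environment variables of the launch.json can lead to cryptographic failure and dump bash initialisation data. Escape character used: semicolon. In the generated command line shown below, the environment variable name is placed after `export` without quoting (only the value is quoted), so the semicolon ends the `export` command early; `export` with no arguments prints every exported variable, which is the `declare -x` listing that follows. The mechanism visible here is unquoted shell metacharacters in the variable name, so the extension would need to validate or quote env names before building the command line.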

Without escape : SaneBash

With escape : cd . ; bash -c export\ \;sudo=\'-i\'\;cd\ \"/home/REDACTED/REDACTED/REDACTED/private-node-installer\"\;\ while\ [[\ !\ -p\ \"/tmp/vscode-bash-debug-fifo-11807\"\ ]]\;\ do\ sleep\ 0.25\;\ done\;\ \"bash\"\ \"/home/REDACTED/.vscode/extensions/rogalmic.bash-debug-0.3.9/bashdb_dir/bashdb\"\ --quiet\ --tty\ \"/tmp/vscode-bash-debug-fifo-11807\"\ --tty_in\ \"/tmp/vscode-bash-debug-fifo-11807_in\"\ --library\ \"/home/REDACTED/.vscode/extensions/rogalmic.bash-debug-0.3.9/bashdb_dir\"\ --\ \"/home/REDACTED/REDACTED/REDACTED/private-node-installer/script.sh\"\ \
declare -x APPLICATION_INSIGHTS_NO_DIAGNOSTIC_CHANNEL="true" declare -x CHROME_DESKTOP="code-url-handler.desktop" declare -x COLORFGBG="15;0" declare -x COLORTERM="truecolor" declare -x COMMAND_NOT_FOUND_INSTALL_PROMPT="1" declare -x DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/6666/bus" declare -x DESKTOP_SESSION="lightdm-xsession" declare -x DISPLAY=":0" declare -x DOTNET_CLI_TELEMETRY_OPTOUT="1" declare -x GDK_BACKEND="x11" declare -x GDMSESSION="lightdm-xsession" declare -x GDM_LANG="en_US.utf8" declare -x GIT_ASKPASS="/usr/share/code/resources/app/extensions/git/dist/askpass.sh" declare -x GTK_MODULES="gail:atk-bridge" declare -x HOME="/home/REDACTED" declare -x LANG="en_US.UTF-8" declare -x LANGUAGE="en_US:en" declare -x LOGNAME="REDACTED" declare -x LS_COLORS="rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:.tar=01;31:.tgz=01;31:.arc=01;31:.arj=01;31:.taz=01;31:.lha=01;31:.lz4=01;31:.lzh=01;31:.lzma=01;31:.tlz=01;31:.txz=01;31:.tzo=01;31:.t7z=01;31:.zip=01;31:.z=01;31:.dz=01;31:.gz=01;31:.lrz=01;31:.lz=01;31:.lzo=01;31:.xz=01;31:.zst=01;31:.tzst=01;31:.bz2=01;31:.bz=01;31:.tbz=01;31:.tbz2=01;31:.tz=01;31:.deb=01;31:.rpm=01;31:.jar=01;31:.war=01;31:.ear=01;31:.sar=01;31:.rar=01;31:.alz=01;31:.ace=01;31:.zoo=01;31:.cpio=01;31:.7z=01;31:.rz=01;31:.cab=01;31:.wim=01;31:.swm=01;31:.dwm=01;31:.esd=01;31:.jpg=01;35:.jpeg=01;35:.mjpg=01;35:.mjpeg=01;35:.gif=01;35:.bmp=01;35:.pbm=01;35:.pgm=01;35:.ppm=01;35:.tga=01;35:.xbm=01;35:.xpm=01;35:.tif=01;35:.tiff=01;35:.png=01;35:.svg=01;35:.svgz=01;35:.mng=01;35:.pcx=01;35:.mov=01;35:.mpg=01;35:.mpeg=01;35:.m2v=01;35:.mkv=01;35:.webm=01;35:.webp=01;35:.ogm=01;35:.mp4=01;35:.m4v=01;35:.mp4v=01;35:.vob=01;35:.qt=01;35:.nuv=01;35:.wmv=01;35:.asf=01;35:.rm=01;35:.rmvb=01;35:.flc=01;35:.avi=01;35:.fli=01;35:.flv=01;35:.gl=01;35:.dl=01;35:.xcf=01;35:.xwd=01;35:.yuv=01;35:.cgm=01;35:.emf=01;35:.ogv=01;35:.ogx=01;35:.aa
c=00;36:.au=00;36:.flac=00;36:.m4a=00;36:.mid=00;36:.midi=00;36:.mka=00;36:.mp3=00;36:.mpc=00;36:.ogg=00;36:.ra=00;36:.wav=00;36:.oga=00;36:.opus=00;36:.spx=00;36:.xspf=00;36:" declare -x OLDPWD="/" declare -x ORIGINAL_XDG_CURRENT_DESKTOP="undefined" declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games" declare -x POWERSHELL_TELEMETRY_OPTOUT="1" declare -x POWERSHELL_UPDATECHECK="Off" declare -x PWD="/" declare -x QT_ACCESSIBILITY="1" declare -x QT_AUTO_SCREEN_SCALE_FACTOR="0" declare -x QT_QPA_PLATFORMTHEME="qt5ct" declare -x SESSION_MANAGER="local/0:@/tmp/.ICE-unix/1843,unix/0:/tmp/.ICE-unix/1843" declare -x SHELL="/usr/bin/bash" declare -x SHLVL="3" declare -x SSH_AGENT_PID="1893" declare -x SSH_AUTH_SOCK="/tmp/REDACTED/agent.1843" declare -x TERM="xterm-256color" declare -x TERM_PROGRAM="vscode" declare -x TERM_PROGRAM_VERSION="1.68.0" declare -x USER="REDACTED" declare -x VSCODE_GIT_ASKPASS_EXTRA_ARGS="--ms-enable-electron-run-as-node" declare -x VSCODE_GIT_ASKPASS_MAIN="/usr/share/code/resources/app/extensions/git/dist/askpass-main.js" declare -x VSCODE_GIT_ASKPASS_NODE="/usr/share/code/code" declare -x VSCODE_GIT_IPC_HANDLE="/run/user/6666/REDACTED" declare -x WINDOWID="0" declare -x XAUTHORITY="/home/REDACTED/.Xauthority" declare -x XDG_DATA_DIRS="/usr/share/xfce4:/usr/local/share/:/usr/share/" declare -x XDG_GREETER_DATA_DIR="/var/lib/lightdm/data/REDACTED" declare -x XDG_RUNTIME_DIR="/run/user/6666" declare -x XDG_SEAT="seat0" declare -x XDG_SEAT_PATH="/org/freedesktop/DisplayManager/Seat0" declare -x XDG_SESSION_CLASS="user" declare -x XDG_SESSION_DESKTOP="lightdm-xsession" declare -x XDG_SESSION_ID="2" declare -x XDG_SESSION_PATH="/org/freedesktop/DisplayManager/Session0" declare -x XDG_SESSION_TYPE="x11" declare -x XDGVTNR="7" declare -x ="/usr/bin/bash" declare -x _JAVA_OPTIONS="-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true" Is not Debian ....