-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DOS: js expression make nodejs crash #9295
Comments
Node shouldn't mess with the built ins if possible. By you doing so, you shouldn't be surprised that things break. We might be able to work around it by storing a reference to the original function before user code can run, but I'm not sure if it's worth it. |
imho it's a security issue called denial of service. |
Freezing the builtins would probably break a ton of code. Also, how would an attacker execute such an attack? It seems like they would have to already be in a position to execute arbitrary code, in which case they could do much worse. |
I agree with @cjihrig. If an unauthorized person is able to modify your server code, then being worried about such a person adding that kind of breaking code is probably the least of your worries. |
that's for sure, obviously. |
just saw that the node exits without a SEGV so RCE is out of scope with this expression. for more infos: https://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/ |
hi,
i was doing some javascript sorcery and i found out that the following js expression make the nodejs kill itself because it's tampering the prototype of Array.
Array.prototype.push = Array.prototype.push.bind(Array.prototype);
e.g.
nodejs is crashing at this line -> https://github.com/nodejs/node/blob/master/lib/internal/process/next_tick.js#L67
i think that making not writable and not configurable the prototypes of built in types can prevent such very evil things.
what do you think about guys?
The text was updated successfully, but these errors were encountered: