🛡️ Sentinel: [CRITICAL] Fix arbitrary command execution via unvalidated binary path#46

Open

bitcoiner-dev wants to merge 1 commit into master from sentinel-fix-arbitrary-command-execution-11265635129825612101

Conversation

@bitcoiner-dev
Owner

🚨 Severity: CRITICAL
💡 Vulnerability: The CLI application allowed users to supply an arbitrary executable path for bitcoin_cli in their profile configuration. This path was passed directly to std::process::Command::new without any validation. While Command::new uses execve directly and mitigates classic shell injection in the arguments, it does not prevent an attacker or a malicious configuration from substituting the intended binary with an arbitrary system binary (like /bin/sh or a trojan executable) to gain complete control under the context of the running application.
🎯 Impact: Arbitrary command execution leading to complete host takeover, data theft (including sensitive wallet information), and privilege escalation.
🔧 Fix: Implemented validate_bitcoin_cli_path in src/utils.rs which performs strict validation on the given path. It asserts that the filename component is exactly bitcoin-cli or bitcoin-cli.exe, and explicitly blocks directory traversal attempts (..). This validation is now applied before initializing std::process::Command::new in both invocations of run_bitcoin_cli across the codebase.
Verification: Run cargo test --bin zinc-cli to ensure there are no regressions. Attempt to run the CLI with a malicious bitcoin_cli path in the profile (e.g. /bin/sh) to verify that the CLI correctly rejects it with a configuration error instead of executing it.


PR created automatically by Jules for task 11265635129825612101 started by @bitcoiner-dev

…ed binary path

This patch implements strict validation on the binary paths configured by the user before executing them as shell commands. Specifically, it ensures the `bitcoin_cli` path points strictly to an approved executable (`bitcoin-cli` or `bitcoin-cli.exe`) and rejects paths containing `..` traversal. This prevents arbitrary system command execution.

Co-authored-by: bitcoiner-dev <75873427+bitcoiner-dev@users.noreply.github.com>
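The PR description and commit message describe the fix (a filename allow-list of `bitcoin-cli` / `bitcoin-cli.exe` plus rejection of `..` components, applied before `std::process::Command::new`) but the page does not show the diff. The following is an added example written for this page, not the project's `src/utils.rs`; the function name matches the description, while the signature, the `PathError` type and the sample configuration values are assumptions. It also records, as a comment, the limit of this check that a reviewer would want to note: the allow-list constrains the filename, not the identity of the binary at that path.

```rust
use std::path::{Component, Path, PathBuf};
use std::process::Command;

/// Reasons a configured `bitcoin_cli` path is rejected (type assumed for this example).
#[derive(Debug, PartialEq, Eq)]
pub enum PathError {
    /// The path contains a `..` component.
    Traversal,
    /// The final path component is not an approved executable name.
    WrongFilename(String),
    /// The path has no filename component at all (e.g. `/` or empty).
    MissingFilename,
}

/// Validate a user-supplied path before it is handed to `Command::new`.
///
/// Accepts only paths whose last component is exactly `bitcoin-cli` or
/// `bitcoin-cli.exe` and which contain no `..` component anywhere.
/// Note the limit of this check: it constrains the *name* of the executable,
/// not its contents, so a binary of that name in an attacker-writable
/// directory would still pass. Pinning to a known install location or
/// verifying a hash/signature would be the stronger complement.
pub fn validate_bitcoin_cli_path(raw: &str) -> Result<PathBuf, PathError> {
    let path = Path::new(raw);

    // `components()` keeps `..` as `Component::ParentDir`; reject it anywhere.
    if path.components().any(|c| matches!(c, Component::ParentDir)) {
        return Err(PathError::Traversal);
    }

    let name = path
        .file_name()
        .and_then(|n| n.to_str())
        .ok_or(PathError::MissingFilename)?;

    // Exact match only: no case folding, no prefix/suffix tolerance.
    if name != "bitcoin-cli" && name != "bitcoin-cli.exe" {
        return Err(PathError::WrongFilename(name.to_string()));
    }

    Ok(path.to_path_buf())
}

/// Build (but do not run) the command, so validation cannot be bypassed
/// by a call site that forgets to check first.
pub fn bitcoin_cli_command(raw: &str, args: &[&str]) -> Result<Command, PathError> {
    let exe = validate_bitcoin_cli_path(raw)?;
    let mut cmd = Command::new(exe);
    cmd.args(args);
    Ok(cmd)
}

fn main() {
    // Constructed sample profile values; the second mimics the `/bin/sh` case
    // from the PR's verification note.
    for configured in ["/usr/local/bin/bitcoin-cli", "/bin/sh", "../bitcoin-cli"] {
        match bitcoin_cli_command(configured, &["getblockcount"]) {
            Ok(cmd) => println!("accepted: {:?}", cmd),
            Err(e) => println!("rejected {configured}: configuration error {:?}", e),
        }
    }
}
```

`bitcoin_cli_command` is the pattern the PR describes for its two `run_bitcoin_cli` call sites: validation is the only way to obtain a `Command`, so adding a third call site later cannot skip it.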
@google-labs-jules
Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.
