Misconfigured Blocklists / Safelists
In many situations, a system will want to limit which resources a process can interact with. For example, it may want to only allow a program to read to a specific set of files (in which case a safe list is in order) or may want to disallow reads to a specific list of files (in which case a block list is in order). The same approach can extend beyond reading files: lists of executable programs, importable libraries, or users can use the same logic.
An attacker can exploit a misconfigured blocklist or safelist by finding something that is not on the blocklist (but should be) or is on the safelist (but should not be).
Depending on the situation, misconfigured lists can result in up to and including arbitrary code execution.
The main defense for misconfigured blocklists and safelists is simply caution. First, it is important to ensure you are using the correct approach between a blocklist and a safelist. Next, it is important to carefully review the lists.
Tips for Demonstration
In order to demonstrate that you have preformed this exploit you should:
- Indentify the code that is implementing the blocklist or safelist
- Show the flaw in this code's logic (i.e. how you can circumvent the blocklist or use something maliciously from the safelist)
- Show the result of being able to bypass this security measure