I'm designing a project for a college-level computer security course, and I'm trying to include a vulnerability where code which is "clean" by virtue of a number of risky packages being blacklisted (unsafe, os, ioutil, etc). The question is this: can you think of a way to use other non-obvious Go standard library packages to escape the sandbox? "Escape the sandbox" here means reading/writing files, making network connections, breaking memory safety (which would allow you to do any of the other things), etc.
Things I've tried so far that haven't worked:
- Using the reflect package to do unsafe pointer conversions (the reflect package seems really safe against this sort of abuse)
- Using the reflect package to get access to a reference held by a random stdlib package to some sensitive function like os.Open (I haven't found any that actually keep function pointers or anything like that)
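
An added example, not part of the original post: a Go checker for the kind of import blacklist the post describes, run next to an allowlist so the difference in what each rejects is visible. The allowlist contents, the function names and the sample submission are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strconv"
)

// denied: the packages the post names (its list ends in "etc", so it is partial).
var denied = map[string]bool{"unsafe": true, "os": true, "io/ioutil": true}
// allowed: a hypothetical allowlist for the course sandbox (an assumption).
var allowed = map[string]bool{"fmt": true, "strings": true}

// importPaths parses only the import section and returns each path; aliases are ignored.
func importPaths(src string) ([]string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "submission.go", src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var paths []string
	for _, spec := range f.Imports {
		p, err := strconv.Unquote(spec.Path.Value)
		if err != nil {
			return nil, err
		}
		paths = append(paths, p)
	}
	return paths, nil
}

// violations returns the imports rejected by the denylist and by the allowlist.
func violations(src string) (byDeny, byAllow []string, err error) {
	paths, err := importPaths(src)
	for _, p := range paths {
		if denied[p] {
			byDeny = append(byDeny, p)
		}
		if !allowed[p] {
			byAllow = append(byAllow, p)
		}
	}
	return byDeny, byAllow, err
}

// sample is a constructed submission, not code from the post.
const sample = "package main\nimport (\n\t\"fmt\"\n\tfs \"os\"\n\t\"sort\"\n)\nfunc main() { fmt.Println(fs.Args, sort.IsSorted) }\n"
func main() {
	fmt.Println(violations(sample))
}
```

The aliased import of os is still caught because the check is on the import path, and the denylist passes sort simply because nobody listed it, while the allowlist rejects anything not explicitly approved.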