// Escape attempt: malicious build.rs that tries to write a host marker file
// during `cargo build`. A sandboxed build should prevent this.
//
// Expected behaviour in an isolated sandbox: file NOT created, build fails
// or marker stays absent.
// Expected behaviour on unsandboxed host: marker would appear at /tmp/pwned_build_rs.
fn main() {
    // Sandbox-isolation probe: try to create a marker file at a fixed path
    // outside the build's output directory, then report the outcome through a
    // `cargo:warning=` line on stdout (cargo captures build script stdout).
    const MARKER_PATH: &str = "/tmp/pwned_build_rs";

    // `File::create` creates the file or truncates an existing one; the handle
    // is dropped right away, so only the success/failure of the call is kept.
    //
    // NOTE(review): success here only shows that the path was writable from
    // the build script's point of view. If the sandbox gives the build a
    // private /tmp, this may succeed without touching the host, so the harness
    // should confirm the result by checking the path on the host side too.
    // NOTE(review): a marker left over from an earlier run would make a
    // presence check ambiguous; presumably the harness clears it first --
    // confirm.
    let escaped = std::fs::File::create(std::path::Path::new(MARKER_PATH)).is_ok();

    // The two messages are the signals a log check would key on:
    // NYX_ESCAPE_SUCCESS means the write went through, BLOCKED means it failed.
    let report = if escaped {
        "cargo:warning=NYX_ESCAPE_SUCCESS: build.rs created /tmp/pwned_build_rs"
    } else {
        "cargo:warning=BLOCKED: could not write /tmp/pwned_build_rs"
    };
    println!("{}", report);
}