From c0ffc0aaf518f68d634944320cc9cc15373af0d5 Mon Sep 17 00:00:00 2001
From: liqiang-fit2cloud
Date: Wed, 9 Apr 2025 09:57:11 +0800
Subject: [PATCH] security: fix reverse shell vulnerability in function library.
---
 apps/common/util/function_code.py | 2 +-
 installer/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/apps/common/util/function_code.py b/apps/common/util/function_code.py
index 31797a9f4..30ce3a33d 100644
--- a/apps/common/util/function_code.py
+++ b/apps/common/util/function_code.py
@@ -88,7 +88,7 @@ except Exception as e:
 os.system(f"chown {self.user}:{self.user} {exec_python_file}")
 kwargs = {'cwd': BASE_DIR}
 subprocess_result = subprocess.run(
- ['su', '-c', python_directory + ' ' + exec_python_file, self.user],
+ ['su', '-s', python_directory, '-c', "exec(open('" + exec_python_file + "').read())", self.user],
 text=True, capture_output=True, **kwargs)
 os.remove(exec_python_file)
diff --git a/installer/Dockerfile b/installer/Dockerfile
index a2dc3f662..d2c1eefb6 100644
--- a/installer/Dockerfile
+++ b/installer/Dockerfile
@@ -70,7 +70,7 @@ RUN chmod 755 /opt/maxkb/app/installer/run-maxkb.sh && \
 useradd --no-create-home --home /opt/maxkb/app/sandbox sandbox -g root && \
 chown -R sandbox:root /opt/maxkb/app/sandbox && \
 chmod g-x /usr/local/bin/* /usr/bin/* /bin/* /usr/sbin/* /sbin/* /usr/lib/postgresql/15/bin/* && \
- chmod g+x /usr/local/bin/python* /bin/sh
+ chmod g+x /usr/local/bin/python*
 EXPOSE 8080
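Review bot: The Python expression on the added line is built by concatenating `exec_python_file` between single quotes, so a path containing `'` or `\` would break or alter the expression; now that the value is Python source rather than a shell word, `repr()` produces a correctly escaped literal, e.g. `"exec(open(" + repr(exec_python_file) + ").read())"`. Whether that path is ever attacker-influenced is not visible in the hunk (it looks app-generated), so this is hardening rather than a known hole. The real fix is that `su -s python_directory -c '<expr>'` makes su exec the interpreter directly instead of the target user's login shell, and that deserves a why-comment above the call, e.g. `# -s runs the interpreter as the login shell so no /bin/sh is ever spawned for untrusted code`. Two behavioural details worth confirming: `exec(open(...).read())` runs the file without `__file__` set, unlike `python file`, and util-linux su only honours `-s` for a target user with a restricted shell when the caller is root, so the uid of this process matters. The enclosing function starts and ends outside the hunk.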
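Review bot: The `chmod g-x` / `chmod g+x` pair relies on a non-obvious permission rule that is nowhere stated: because `sandbox` is created with `-g root` and the binaries are root-owned, the kernel applies the group bits to that user and never falls through to the `o+x` bit, so `g-x` denies execution to the sandbox user alone. A comment such as `# sandbox is in group root: group bits take precedence over "other" bits, so g-x blocks exec for sandbox only; re-enable only the python interpreters` would keep the intent from being lost when someone later re-adds a shell to the `g+x` list. The restriction is path based and non-recursive over the listed directories, so it should be documented as defence in depth rather than the sandbox boundary, since the reverse-shell fix named in the Subject depends on it. Whether `/bin` is a symlink to `/usr/bin` in this base image (making `/bin/*` redundant) is not visible here.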