Process hijacking in jupyter_client
moradek opened this issue · 1 comments
moradek commented
This problem is not related to the code of this project, but it is critical for this project.
In script localinterface.py of module jupyter_client, there is the code, that start ipconfig on Windows systems:
def _load_ips_ipconfig():
"""load ip addresses from `ipconfig` output (Windows)"""
out = _get_output('ipconfig')
lines = out.splitlines()
addrs = []
for line in lines:
m = _ipconfig_ipv4_pat.match(line.strip())
if m:
addrs.append(m.group(1))
_populate_from_list(addrs)
Definition of _get_output:
def _get_output(cmd):
"""Get output of a command, raising IOError if it fails"""
startupinfo = None
if os.name == 'nt':
startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW
p = Popen(cmd, stdout=PIPE, stderr=PIPE, startupinfo=startupinfo)
stdout, stderr = p.communicate()
if p.returncode:
raise IOError("Failed to run %s: %s" % (cmd, stderr.decode('utf8', 'replace')))
return stdout.decode('utf8', 'replace')
In fact this code start ipconfig with relative path.
So if IDA try to analyze file C:\Test\notepad.exe.i64, module jupyter_client will start C:\Test\ipconfig.exe:
marc-etienne commented
This is an upstream bug in Jupyter. Did you report it to them?