ImageMagick Security

Tip

Learn and practice AWS hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Azure hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

์ž์„ธํ•œ ๋‚ด์šฉ์€ https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html์—์„œ ํ™•์ธํ•˜์„ธ์š”.

ImageMagick์€ ๋‹ค์žฌ๋‹ค๋Šฅํ•œ ์ด๋ฏธ์ง€ ์ฒ˜๋ฆฌ ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ๋กœ, ๊ด‘๋ฒ”์œ„ํ•œ ์˜ต์…˜๊ณผ ์ƒ์„ธํ•œ ์˜จ๋ผ์ธ ๋ฌธ์„œ์˜ ๋ถ€์กฑ์œผ๋กœ ์ธํ•ด ๋ณด์•ˆ ์ •์ฑ… ๊ตฌ์„ฑ์— ์–ด๋ ค์›€์„ ๊ฒช์Šต๋‹ˆ๋‹ค. ์‚ฌ์šฉ์ž๋“ค์€ ์ข…์ข… ๋‹จํŽธ์ ์ธ ์ธํ„ฐ๋„ท ์†Œ์Šค๋ฅผ ๊ธฐ๋ฐ˜์œผ๋กœ ์ •์ฑ…์„ ์ƒ์„ฑํ•˜์—ฌ ์ž ์žฌ์ ์ธ ์ž˜๋ชป๋œ ๊ตฌ์„ฑ์„ ์ดˆ๋ž˜ํ•ฉ๋‹ˆ๋‹ค. ์ด ๋ผ์ด๋ธŒ๋Ÿฌ๋ฆฌ๋Š” 100๊ฐœ ์ด์ƒ์˜ ์ด๋ฏธ์ง€ ํ˜•์‹์„ ์ง€์›ํ•˜๋ฉฐ, ๊ฐ ํ˜•์‹์€ ๋ณต์žก์„ฑ๊ณผ ์ทจ์•ฝ์„ฑ ํ”„๋กœํ•„์— ๊ธฐ์—ฌํ•˜๋ฉฐ, ์ด๋Š” ์—ญ์‚ฌ์ ์ธ ๋ณด์•ˆ ์‚ฌ๊ฑด์—์„œ ์ž…์ฆ๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

๋” ์•ˆ์ „ํ•œ ์ •์ฑ…์„ ํ–ฅํ•˜์—ฌ

To address these challenges, a tool has been developed to help design and audit ImageMagick security policies. It is based on extensive research and aims to ensure that a policy is not only robust but also free of loopholes that could be abused.

Allowlist vs Denylist Approach

์—ญ์‚ฌ์ ์œผ๋กœ ImageMagick ์ •์ฑ…์€ ํŠน์ • ์ฝ”๋”์˜ ์ ‘๊ทผ์„ ๊ฑฐ๋ถ€ํ•˜๋Š” ๊ฑฐ๋ถ€ ๋ชฉ๋ก ์ ‘๊ทผ๋ฒ•์— ์˜์กดํ–ˆ์Šต๋‹ˆ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜ ImageMagick 6.9.7-7์—์„œ ์ด ํŒจ๋Ÿฌ๋‹ค์ž„์ด ๋ณ€ํ™”ํ•˜์—ฌ ํ—ˆ์šฉ ๋ชฉ๋ก ์ ‘๊ทผ๋ฒ•์ด ๊ฐ€๋Šฅํ•ด์กŒ์Šต๋‹ˆ๋‹ค. ์ด ์ ‘๊ทผ๋ฒ•์€ ๋จผ์ € ๋ชจ๋“  ์ฝ”๋”์˜ ์ ‘๊ทผ์„ ๊ฑฐ๋ถ€ํ•œ ๋‹ค์Œ ์‹ ๋ขฐํ•  ์ˆ˜ ์žˆ๋Š” ์ฝ”๋”์—๊ฒŒ ์„ ํƒ์ ์œผ๋กœ ์ ‘๊ทผ์„ ํ—ˆ์šฉํ•˜์—ฌ ๋ณด์•ˆ ํƒœ์„ธ๋ฅผ ๊ฐ•ํ™”ํ•ฉ๋‹ˆ๋‹ค.

...
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
...

์ •์ฑ…์˜ ๋Œ€์†Œ๋ฌธ์ž ๊ตฌ๋ถ„

ImageMagick์˜ ์ •์ฑ… ํŒจํ„ด์€ ๋Œ€์†Œ๋ฌธ์ž๋ฅผ ๊ตฌ๋ถ„ํ•œ๋‹ค๋Š” ์ ์„ ์ฃผ๋ชฉํ•˜๋Š” ๊ฒƒ์ด ์ค‘์š”ํ•˜๋‹ค. ๋”ฐ๋ผ์„œ, ์ •์ฑ…์—์„œ ์ฝ”๋”์™€ ๋ชจ๋“ˆ์ด ์˜ฌ๋ฐ”๋ฅด๊ฒŒ ๋Œ€๋ฌธ์ž๋กœ ์„ค์ •๋˜์–ด ์žˆ๋Š”์ง€ ํ™•์ธํ•˜๋Š” ๊ฒƒ์ด ์˜๋„ํ•˜์ง€ ์•Š์€ ๊ถŒํ•œ์„ ๋ฐฉ์ง€ํ•˜๋Š” ๋ฐ ํ•„์ˆ˜์ ์ด๋‹ค.

Resource Limits

ImageMagick์€ ์ ์ ˆํ•˜๊ฒŒ ๊ตฌ์„ฑ๋˜์ง€ ์•Š์œผ๋ฉด ์„œ๋น„์Šค ๊ฑฐ๋ถ€ ๊ณต๊ฒฉ์— ์ทจ์•ฝํ•˜๋‹ค. ์ด๋Ÿฌํ•œ ์ทจ์•ฝ์ ์„ ๋ฐฉ์ง€ํ•˜๊ธฐ ์œ„ํ•ด ์ •์ฑ…์—์„œ ๋ช…์‹œ์ ์ธ ๋ฆฌ์†Œ์Šค ์ œํ•œ์„ ์„ค์ •ํ•˜๋Š” ๊ฒƒ์ด ํ•„์ˆ˜์ ์ด๋‹ค.

Policy Fragmentation

์ •์ฑ…์€ ์„œ๋กœ ๋‹ค๋ฅธ ImageMagick ์„ค์น˜์—์„œ ๋‹จํŽธํ™”๋  ์ˆ˜ ์žˆ์œผ๋ฉฐ, ์ด๋กœ ์ธํ•ด ์ž ์žฌ์ ์ธ ์ถฉ๋Œ์ด๋‚˜ ๋ฎ์–ด์“ฐ๊ธฐ๊ฐ€ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ๋‹ค. ๋‹ค์Œ๊ณผ ๊ฐ™์€ ๋ช…๋ น์„ ์‚ฌ์šฉํ•˜์—ฌ ํ™œ์„ฑ ์ •์ฑ… ํŒŒ์ผ์„ ์ฐพ๊ณ  ํ™•์ธํ•˜๋Š” ๊ฒƒ์ด ๊ถŒ์žฅ๋œ๋‹ค:

$ find / -iname policy.xml

A Starter, Restrictive Policy

์ œํ•œ์ ์ธ ์ •์ฑ… ํ…œํ”Œ๋ฆฟ์ด ์ œ์•ˆ๋˜์—ˆ์œผ๋ฉฐ, ์ด๋Š” ์—„๊ฒฉํ•œ ๋ฆฌ์†Œ์Šค ์ œํ•œ ๋ฐ ์ ‘๊ทผ ์ œ์–ด์— ์ค‘์ ์„ ๋‘๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์ด ํ…œํ”Œ๋ฆฟ์€ ํŠน์ • ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์š”๊ตฌ ์‚ฌํ•ญ์— ๋งž์ถ˜ ๋งž์ถคํ˜• ์ •์ฑ… ๊ฐœ๋ฐœ์„ ์œ„ํ•œ ๊ธฐ์ค€์„  ์—ญํ• ์„ ํ•ฉ๋‹ˆ๋‹ค.

The effect of a security policy can be verified with the ImageMagick command identify -list policy. The evaluator tool mentioned earlier can also be used to refine the policy to individual requirements.
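As an added illustration of the three checks described above (allowlist rather than denylist, uppercase coder patterns, explicit resource limits), here is a small audit script for a policy.xml. It is example code written for this page, not the Doyensec evaluator tool nor ImageMagick's own code; the two policies and the set of "required" resource limits are constructed assumptions for the demo.

```python
import xml.etree.ElementTree as ET

# Constructed sample: denylist style, lowercase pattern, no resource limits.
WEAK_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="ps" />
</policymap>"""

# Constructed sample: deny-all then allowlist, plus explicit resource limits.
HARDENED_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB" />
  <policy domain="resource" name="disk" value="1GiB" />
  <policy domain="resource" name="width" value="8KP" />
  <policy domain="resource" name="height" value="8KP" />
  <policy domain="resource" name="time" value="60" />
  <policy domain="coder" rights="none" pattern="*" />
  <policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
</policymap>"""

# Assumption for this demo: the minimal set of resource limits we insist on.
REQUIRED_LIMITS = {"memory", "disk", "width", "height", "time"}


def audit_policy(xml_text):
    """Return a list of findings for a policy.xml body; empty means clean."""
    root = ET.fromstring(xml_text)
    findings = []
    rules = list(root.iter("policy"))
    coder_rules = [p for p in rules if p.get("domain") == "coder"]

    # 1. Allowlist approach requires a deny-all rule for the coder domain.
    if not any(p.get("pattern") == "*" and p.get("rights") == "none"
               for p in coder_rules):
        findings.append("no coder deny-all rule (pattern=\"*\" rights=\"none\"): "
                        "policy is denylist-style")

    # 2. Patterns are case sensitive: a lowercase coder name never matches.
    for p in coder_rules:
        pat = p.get("pattern", "")
        if pat != "*" and pat != pat.upper():
            findings.append(f"coder pattern {pat!r} is not uppercase and will not match")

    # 3. Explicit resource limits guard against denial of service.
    present = {p.get("name") for p in rules if p.get("domain") == "resource"}
    for name in sorted(REQUIRED_LIMITS - present):
        findings.append(f"missing resource limit: {name}")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, audit_policy(text) or "no findings")
```

Point the function at the contents of the active policy.xml located with the find command above to audit a real installation.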

References
