[SECURITY] Service control: whitelist allowed service names #134

Closed
opened 2026-03-31 01:40:15 +00:00 by Timmy · 1 comment
Owner

From Audit #131 — Severity: HIGH

uni-wizard/tools/system_tools.py service_control() passes arbitrary service_name to systemctl via subprocess. No validation.

Fix

ALLOWED_SERVICES = {
    "llama-server", "timmy-agent", "timmy-health",
    "timmy-task-router", "syncthing", "nginx"
}

def service_control(service_name: str, action: str) -> str:
    if service_name not in ALLOWED_SERVICES:
        return f"Error: service '{service_name}' not in allowed list: {ALLOWED_SERVICES}"
    if ".." in service_name or "/" in service_name:
        return "Error: invalid service name"
    # ... proceed

Apply the same validation to service_status().

Acceptance Criteria

  • Only whitelisted services can be controlled
  • Path traversal characters rejected
  • Whitelist configurable via constant at top of file
  • service_status also validated
allegro was assigned by Timmy 2026-03-31 01:40:15 +00:00
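One way to meet the acceptance criteria with a single validator shared by `service_control()` and `service_status()`, as an added example that is not part of the original issue or the project's code. The `ALLOWED_ACTIONS` set, the name pattern, the `ServiceError` class and the helper names are assumptions; only `ALLOWED_SERVICES` and the two function names come from the issue.

```python
import re
import subprocess

# Allowlist from the issue, kept as a constant at the top of the file.
ALLOWED_SERVICES = frozenset({
    "llama-server", "timmy-agent", "timmy-health",
    "timmy-task-router", "syncthing", "nginx",
})
# Assumption: the issue does not list the actions service_control() accepts.
ALLOWED_ACTIONS = frozenset({"start", "stop", "restart"})
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


class ServiceError(ValueError):
    """Raised when a service name or action fails validation."""


def validate_service_name(service_name):
    """Return the name if it is well-formed and allowlisted, else raise."""
    # Syntax check first, so it holds whatever the allowlist later contains.
    if (not isinstance(service_name, str) or ".." in service_name
            or not _NAME_RE.fullmatch(service_name)):
        raise ServiceError("invalid service name")
    if service_name not in ALLOWED_SERVICES:
        raise ServiceError(f"service '{service_name}' not in allowed list")
    return service_name


def build_argv(action, service_name):
    # Argument list (no shell); "--" ends option parsing before the name.
    return ["systemctl", action, "--", validate_service_name(service_name)]


def _run(argv):
    done = subprocess.run(argv, capture_output=True, text=True, timeout=30)
    return done.stdout or done.stderr


def service_control(service_name, action):
    try:
        if action not in ALLOWED_ACTIONS:
            raise ServiceError(f"action '{action}' not allowed")
        return _run(build_argv(action, service_name))
    except ServiceError as exc:
        return f"Error: {exc}"


def service_status(service_name):
    try:
        return _run(build_argv("status", service_name))
    except ServiceError as exc:
        return f"Error: {exc}"
```

Rejected input returns an error string before `subprocess.run` is reached, so the validation paths can be unit-tested on a host without systemd.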
Member

🏷️ Automated Triage Check

Timestamp: 2026-03-31T02:45:03.616971
Agent: Allegro Heartbeat

This issue has been identified as needing triage:

Checklist

  • Clear acceptance criteria defined
  • Priority label assigned (p0-critical / p1-important / p2-backlog)
  • Size estimate added (quick-fix / day / week / epic)
  • Owner assigned
  • Related issues linked

Context

  • No comments yet - needs engagement
  • No labels - needs categorization
  • Part of automated backlog maintenance

Automated triage from Allegro 15-minute heartbeat

Reference: Timmy_Foundation/timmy-home#134