# [security] fix(commands): keep bridge local-only by default #208 ## Vulnerability Overview This PR addresses a security vulnerability in the `/bridge` command within OpenHarness. The command allows initiating shell sessions via `/bridge spawn CMD`. However, due to its default configuration of `remote_invocable=True` (allowing remote invocation), attackers can send arbitrary commands through trusted remote channels (Remote Channel/Gateway), thereby executing system commands within the context of the OpenHarness process. ## Impact Scope * **Severity**: High (CVSS v3.1 8.8) * **Attack Vector**: The attacker must be a configured sender for a remote channel/gateway (Accepted remote channel/gateway sender). * **Impact**: Attackers can execute arbitrary OS commands, leading to local file leakage, credential exposure, workspace state tampering, or the initiation of long-running processes. ## Remediation 1. **Modify Registration Behavior**: Change the registration parameter for the `/bridge` command from `remote_invocable=True` to `remote_invocable=False`, making it available locally by default. 2. **Retain Administrator Privileges**: Mark as `remote_admin_opt_in=True`, allowing trusted deployments to re-enable remote management functionality through explicit configuration. 3. **Add Interception Logic**: Implement logic at the gateway layer to reject remotely sent `/bridge spawn` messages before the command processor executes them. ## POC Code / Exploit Code **Exploitation Steps (Safe reproduction steps):** ```bash # 1. Send bridge spawn command /bridge spawn id: pwd # 2. Observe the gateway accepting the command and reporting the spawned bridge session # 3. Retrieve output via the bridge output path /bridge list /bridge output ``` **Verification Code (Local validation harness):** ```python # origin/main at 380bab4 REMOTE_INVOCABLE True REMOTE_ADMIN_OPT_IN False FINAL Spawned bridge session bridge-... pid=... BRIDGE_SESSIONS 1 MARKER_EXISTS True MARKER_CONTENT REMOTE_BRIDGE_EXEC # this PR branch REMOTE_INVOCABLE False REMOTE_ADMIN_OPT_IN True FINAL /bridge is only available in the local OpenHarness UI. BRIDGE_SESSIONS 0 MARKER_EXISTS False ```