Permissions module causing "[Errno 13] Permission denied" #2197

Closed
ChrisThibodeaux opened this issue Jun 30, 2024 · 4 comments

@ChrisThibodeaux
Contributor

ChrisThibodeaux commented Jun 30, 2024

Firstly, thank you to everyone who is keeping CAPEv2 going. I am creating this to help anyone else who comes across the same issue, just as in this recent issue #2133. It appears that the Permissions module has been known to cause issues before, as seen with #1376.

When running a Windows 10/11 guest VM, enabling permissions in auxiliary.conf causes [Errno 13] Permission denied and prevents analysis from running. You will only have static analysis returned from the submission. Setting the value to permissions = no in auxiliary.conf fixes this. The snippets below from analysis.log are examples of the issues caused.

...
TLSDumpMasterSecrets: [Errno 13] Permission denied: 'C:\\tmpz4cchxn6\\dll\\820.ini'
...
2024-06-30 00:53:40,937 [lib.api.process] INFO: Successfully executed process from path "C\Users\UNKNOW~1\AppData\Local\Temp\21f4898537276a069129133a.exe" with arguments "" with pid 1516
2024-06-30 00:53:40,937 [lib.api.process] INFO: Monitor config for <Process 1516 21f4898537276a069129133a.exe>: C:\tmpz4cchxn6\dll\1516.ini
2024-06-30 00:53:40,984 [root] INFO: You probably submitted the job with wrong package
Traceback (most recent call last):
  File "C:\tmpz4cchxn6\analyzer.py", line 612, in run
    pids = self.package.start(self.target)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\tmpz4cchxn6\modules\packages\exe.py", line 37, in start
    return self.execute(path, args, path)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\tmpz4cchxn6\lib\common\abstracts.py", line 176, in execute
    p.inject(interest)
  File "C:\tmpz4cchxn6\lib\api\process.py", line 649, in inject
    self.write_monitor_config(interest, nosleepskip)
  File "C:\tmpz4cchxn6\lib\api\process.py", line 569, in write_monitor_config
    with open(config_path, "w", encoding="utf-8") as config:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: 'C:\\tmpz4cchxn6\\dll\\1516.ini'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "C:\tmpz4cchxn6\analyzer.py", line 1522, in <module>
    success = analyzer.run()
              ^^^^^^^^^^^^^^
  File "C:\tmpz4cchxn6\analyzer.py", line 618, in run
    raise CuckooError(
lib.common.exceptions.CuckooError: The package "modules.packages.exe" start function encountered an unhandled exception: [Errno 13] Permission denied: 'C:\\tmpz4cchxn6\\dll\\1516.ini'

Looking at the module, I am not sure whether the intent is to hard code the locations or have them passed along as options during submission. I could not find anything in the documentation about this, nor did I see anywhere that self.options["permissions"] was being set in the code. Without a doubt, not giving explicit locations breaks analysis on Windows 10/11 VMs.

Please feel free to close this issue whenever.

@doomedraven
Collaborator

Thanks for the heads-up, definitely need to check this. The main issue is spare time right now, so I will leave it open until I or someone else reviews this.

@ChrisThibodeaux
Contributor Author

I will take a closer look this evening and put up a PR if I find a good fix.

@ChrisThibodeaux
Contributor Author

@doomedraven I have a PR for this. #2203

I do not have a Windows 7 install to test this on, so my approach may need to be adjusted.

@doomedraven
Collaborator

doomedraven commented Jul 2, 2024 via email
