Description
Six functions in bin/lib/onboard.js create temporary files with predictable names using Date.now() and Math.random().toString(36):
- probeOpenAiLikeEndpoint (line 666)
- probeAnthropicEndpoint (line 710)
- fetchNvidiaEndpointModels (line 856)
- fetchOpenAiLikeModels (line 910)
- fetchAnthropicModels (line 946)
- writeSandboxConfigSyncFile (line 527)
Math.random() is not cryptographically secure — its output is predictable from a known seed. Combined with Date.now() (millisecond precision), a local attacker can predict the filename and win a race to:
- Create a symlink at the predicted path before the probe runs
- Redirect curl output (which may contain API responses with model data) to an attacker-controlled location
- For writeSandboxConfigSyncFile, inject a malicious script that gets piped into openshell sandbox connect
The same file already uses fs.mkdtempSync() securely in two other places (lines 1764 and 2680), making this an inconsistency rather than a missing capability.
Reproduction Steps
- Read bin/lib/onboard.js line 666
- Note the filename pattern: nemoclaw-probe-${Date.now()}-${Math.random()...}.json
- Both Date.now() and Math.random() are predictable — Date.now() is millisecond-resolution wall clock, Math.random() uses xorshift128+ with a recoverable seed
- An attacker on the same system can pre-create a symlink at the predicted path in /tmp
Expected Behavior
Temp files should use fs.mkdtempSync() which creates a directory with a cryptographically random suffix (via the OS mkdtemp syscall), preventing filename prediction.
Actual Behavior
Temp files use predictable names constructed from Date.now() + Math.random().
Environment
- Code review — applies to current main branch
- File: bin/lib/onboard.js
Debug Output
N/A — static analysis finding.
Logs
N/A
Checklist