~ 3 min read
Enhancing MCP Server Security: A Guide to Using execFile
In the world of Node.js applications, security is paramount, especially when dealing with user inputs that could potentially be exploited. This is even more so important when building agentic workflows using the Model Context Protocol (MCP) servers. This guide I wrote focuses on securing the MCP Server against command injection vulnerabilities by replacing the unsafe exec function with execFile. By the end of this tutorial, you’ll have a more secure MCP Server implementation, reducing the risk of malicious command execution.
Prerequisites
Before diving into the implementation, ensure you have the following:
- Node.js: Current LTS version installed.
- Familiarity with Node.js child process APIs: Understanding of
execandexecFile.
Understanding the Vulnerability
Command injection vulnerabilities occur when an application passes unsafe user input to a system shell. In the MCP Server, the which-app-on-port tool uses the exec function, which is vulnerable to such attacks. Here’s a snippet of the vulnerable code:
server.tool("which-app-on-port", { port: z.number() }, async ({ port }) => { const result = await new Promise<ProcessInfo>((resolve, reject) => { exec(`lsof -t -i tcp:${port}`, (error, pidStdout) => { if (error) { reject(error); return; } const pid = pidStdout.trim(); exec(`ps -p ${pid} -o comm=`, (error, stdout) => { if (error) { reject(error); return; } resolve({ command: stdout.trim(), pid }); }); }); });});Exploitation Example
An attacker could exploit this by injecting shell commands through the port parameter, such as ; rm -rf /tmp;#, leading to arbitrary command execution on the server.
Secure Coding Practices
Why exec is Unsafe
The exec function spawns a shell and executes the command within that shell, making it susceptible to injection attacks. This is particularly dangerous when user input is concatenated directly into the command string.
How execFile Mitigates Risks
As a replacement to the unsafe Node.js exec API, developers should consider execFile to execute a file directly without spawning a shell, thus preventing shell interpretation of the command and its arguments. This makes it a safer alternative for executing system commands with user input.
Implementing the Fix
Let’s replace exec with execFile in the MCP Server to mitigate the command injection vulnerability.
Step 1: Replace exec with execFile
First, update the which-app-on-port tool to use execFile:
server.tool("which-app-on-port", { port: z.number() }, async ({ port }) => { const result = await new Promise<ProcessInfo>((resolve, reject) => { execFile('lsof', ['-t', '-i', `tcp:${port}`], (error, pidStdout) => { if (error) { reject(error); return; } const pid = pidStdout.trim(); execFile('ps', ['-p', pid, '-o', 'comm='], (error, stdout) => { if (error) { reject(error); return; } resolve({ command: stdout.trim(), pid }); }); }); });});Why this matters: By using execFile, we eliminate the risk of shell command injection, as the command and its arguments are passed as separate parameters.
Step 2: Verify the Implementation
To ensure the vulnerability is resolved, test the tool with various inputs:
node server.js# Test with a valid portcurl http://localhost:3000/which-app-on-port?port=8080# Test with a malicious inputcurl http://localhost:3000/which-app-on-port?port=8080;touch /tmp/pwned;#Expected Output: The server should only execute the lsof and ps commands without interpreting the malicious input.
Broader Security Implications
Securing your MCP Server is just one step in maintaining a robust security posture. Here are some ongoing practices to consider:
- Regular Security Audits: Periodically review your code for vulnerabilities.
- Input Validation: Always validate and sanitize user inputs.
- Dependency Management: Keep your dependencies up to date to avoid known vulnerabilities.
Conclusion
By replacing exec with execFile, you’ve taken a significant step towards securing your MCP Server against command injection attacks. This change not only protects your application but also aligns with best practices in secure coding.