Re: [jokosher-devel] Jokosher Security Vulnerability



On 9/27/06, Laszlo Pandy <laszlok2 gmail com> wrote:
Basically this vulnerability boils down to a very liberal use of exec()
in Project.ExecuteCommand(). Any ideas on how to keep undo working
without having to be worried about trading Jokosher files with others?

A few thoughts:

Don't allow semicolons; there's not *all* that much you can do with
one command. However, do you need that "import os" there? It may
already be in the environment from the file that executes it. This
isn't a solution, though, just a workaround.

Have the Big List Of Allowable Functions and check that the undo
command looks like a call to one of them.

It might be easier, for example, to prefix all function names that are
used as undo functions with jokosher_ (so MoveEvent becomes
jokosher_MoveEvent) and then just store MoveEvent in the undo file;
when we retrieve the statement to execute, add jokosher_ onto the
front of the function before we call it.

sil

--
<Elleo> docs are for the weak!
<Elleo> you must divine the meaning of gnonlin through
       inner contemplation
          -- #jokosher



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]