Re: [bug-gawk] Bug in sandbox mode?

bug-gawk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gawk] Bug in sandbox mode?

From:	Manuel Collado
Subject:	Re: [bug-gawk] Bug in sandbox mode?
Date:	Mon, 20 Jun 2011 11:18:44 +0200
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.9) Gecko/20100825 Thunderbird/3.1.3

El 16/06/2011 21:11, Aharon Robbins escribió:

Hi.

In article<address@hidden>,
Edward Rosten<address@hidden>  wrote:
...

I think I've found a bug in the sandbox mode:

./gawk --sandbox 'BEGIN{ARGV[1]="/etc/passwd"}1' /dev/null

shows the contents of /etc/passwd.


Why is this a bug?  I bet that cat /etc/passwd shows the contents
of the file as well. Sandbox mode prevents *writing* files, not reading them.


Well, the info manual says:

`--sandbox'
     Disable the `system()' function, input redirections with `getline',
     output redirections with `print' and `printf', and dynamic
     extensions.  This is particularly useful when you want to run
     `awk' scripts from questionable sources and need to make sure the
     scripts can't access your system (other than the specified input
     data file).

IMHO, disabling getline redirection only makes sense if you want toprevent *reading* system files from dubious scripts, right?

So perhaps the reported behavior can be seen as a bug, because it is aworkaround for some of the intended --sandbox restrictions.


Kind regards,
--
Manuel Collado - http://lml.ls.fi.upm.es/~mcollado

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [bug-gawk] Bug in sandbox mode?, Manuel Collado <=

Prev by Date: [bug-gawk] Problem with building gawk v3.1.86 with MinGW on win32
Next by Date: [bug-gawk] length() crash
Previous by thread: [bug-gawk] Problem with building gawk v3.1.86 with MinGW on win32
Next by thread: [bug-gawk] length() crash
Index(es):
- Date
- Thread