[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-gawk] Bug in sandbox mode?
From: |
Manuel Collado |
Subject: |
Re: [bug-gawk] Bug in sandbox mode? |
Date: |
Mon, 20 Jun 2011 11:18:44 +0200 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.2.9) Gecko/20100825 Thunderbird/3.1.3 |
El 16/06/2011 21:11, Aharon Robbins escribió:
Hi.
In article<address@hidden>,
Edward Rosten<address@hidden> wrote:
...
I think I've found a bug in the sandbox mode:
./gawk --sandbox 'BEGIN{ARGV[1]="/etc/passwd"}1' /dev/null
shows the contents of /etc/passwd.
Why is this a bug? I bet that cat /etc/passwd shows the contents
of the file as well. Sandbox mode prevents *writing* files, not reading them.
Well, the info manual says:
`--sandbox'
Disable the `system()' function, input redirections with `getline',
output redirections with `print' and `printf', and dynamic
extensions. This is particularly useful when you want to run
`awk' scripts from questionable sources and need to make sure the
scripts can't access your system (other than the specified input
data file).
IMHO, disabling getline redirection only makes sense if you want to
prevent *reading* system files from dubious scripts, right?
So perhaps the reported behavior can be seen as a bug, because it is a
workaround for some of the intended --sandbox restrictions.
Kind regards,
--
Manuel Collado - http://lml.ls.fi.upm.es/~mcollado
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [bug-gawk] Bug in sandbox mode?,
Manuel Collado <=