[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-gawk] Sandbox improvements
From: |
Nolan Woods |
Subject: |
[bug-gawk] Sandbox improvements |
Date: |
Tue, 30 Apr 2019 16:38:43 +0000 |
Hi, thank you for such a great tool.
The sandbox functionality of gawk is great, but it needs significant
improvements.
Even with sandbox, arbitrary files can be read using the following code:
BEGIN {
ARGV[ARGC]="/etc/passwd";
ARGC++;
}1
Argument rewriting is an important feature as it allows controlling execution
(like the example rewind() function).
I would like to propose that a list of original argument paths be used as a
whitelist for all functions.
It would be ideal to relax the restrictions on the currently sandboxed
functions as accessing internet resources is a useful feature that would not
affect the local system.
--
Bioinformatically yours,
Nolan Woods[X]
Bioinformatics | Brinkman Laboratories
Simon Fraser University | Key Big Data Hub
8888 University Dr., Burnaby, B.C. V5A 1S6
T: 778.782.5097 | http://www.brinkman.mbb.sfu.ca/
[Simon Fraser University]
- [bug-gawk] Sandbox improvements,
Nolan Woods <=