[bug-gawk] Sandbox improvements


From: Nolan Woods
Subject: [bug-gawk] Sandbox improvements
Date: Tue, 30 Apr 2019 16:38:43 +0000

Hi, thank you for such a great tool.


The sandbox functionality of gawk is great, but it needs significant 
improvements.

Even with sandbox, arbitrary files can be read using the following code:


BEGIN {
    ARGV[ARGC]="/etc/passwd";
    ARGC++;
}1


Argument rewriting is an important feature as it allows controlling execution 
(like the example rewind() function).

I would like to propose that a list of original argument paths be used as a 
whitelist for all functions.

It would be ideal to relax the restrictions on the currently sandboxed 
functions as accessing internet resources is a useful feature that would not 
affect the local system.


--
Bioinformatically yours,

Nolan Woods
Bioinformatics | Brinkman Laboratories
Simon Fraser University | Key Big Data Hub
8888 University Dr., Burnaby, B.C. V5A 1S6
T: 778.782.5097 | http://www.brinkman.mbb.sfu.ca/
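
The allowlist proposed in the message above, sketched in gawk itself as an added example (not part of the original message and not gawk's own code): a guard file snapshots the original operands and skips any input file that was not among them. The file name guard.awk, the sample file names and the __guard_* variables are assumptions; the guard shares the untrusted program's global variables, so it illustrates the proposed semantics and is not an enforcement boundary.

```awk
# guard.awk (hypothetical name): load ahead of the untrusted program, e.g.
#   gawk --sandbox -f guard.awk -f untrusted.awk data1.txt data2.txt
# BEGIN rules run in source order, so this snapshot is taken before any
# later BEGIN rule can append to ARGV.
BEGIN {
    for (__guard_i = 1; __guard_i < ARGC; __guard_i++) {
        # Operands of the form var=value are assignments, not input files.
        if (ARGV[__guard_i] ~ /^[A-Za-z_][A-Za-z0-9_]*=/)
            continue
        # Empty elements are skipped by gawk as well.
        if (ARGV[__guard_i] == "")
            continue
        __guard_allowed[ARGV[__guard_i]] = 1
        __guard_n++
    }
}

# BEGINFILE fires before the first record of each input file is read.
BEGINFILE {
    # With no file operands gawk reads standard input; let that through.
    __guard_stdin = (__guard_n == 0 && (FILENAME == "" || FILENAME == "-"))
    if (!__guard_stdin && !(FILENAME in __guard_allowed)) {
        # --sandbox disables output redirection, so report on stdout.
        print "guard: skipped " FILENAME " (not an original operand)"
        nextfile
    }
}
```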