[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gawk] Sandbox improvements

From: arnold
Subject: Re: [bug-gawk] Sandbox improvements
Date: Tue, 30 Apr 2019 14:05:26 -0600
User-agent: Heirloom mailx 12.5 7/5/10


Thanks for your note. Your point about being able to change ARGV
is a good one; I will look into disallowing it in sandbox mode.

I will admit that I don't really understand what you're looking for
with the other suggestions; they sound difficult to implement.
(Of course, patches are welcome and will be reviewed.)



Nolan Woods <address@hidden> wrote:

> Hi, thank you for such a great tool.
> The sandbox functionality of gawk is great, but it needs significant
> improvements.
> Even with sandbox, arbitrary files can be read using the following code:
>     ARGV[ARGC]="/etc/passwd";
>     ARGC++;
> }1
> Argument rewriting is an important feature as it allows controlling
> execution (like the example rewind() function).
> I would like to propose that a list of original argument paths be used
> as a whitelist for all functions.
> It would be ideal to relax the restrictions on the currently sandboxed
> functions as accessing internet resources is a useful feature that would
> not affect the local system.
> --
> Bioinformatically yours,
> Nolan Woods[X]
> Bioinformatics | Brinkman Laboratories
> Simon Fraser University | Key Big Data Hub
> 8888 University Dr., Burnaby, B.C. V5A 1S6
> T: 778.782.5097 | http://www.brinkman.mbb.sfu.ca/
> [Simon Fraser University]

reply via email to

[Prev in Thread] Current Thread [Next in Thread]