[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-smalltalk] Security Issue VFS

From: Paolo Bonzini
Subject: Re: [Help-smalltalk] Security Issue VFS
Date: Wed, 16 Nov 2011 15:45:45 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110930 Thunderbird/7.0.1

On 11/16/2011 03:31 PM, maarten wrote:


Holger Fretyher and I concluded that there's a security issue in the
VFSAddOns package.

Code like this:

PackageLoader fileInPackage: 'VFSAddOns'.
((File name: 'dontcare') zip) createDirectory: '; xterm'.

Will not only try to open the zip, but also execute xterm, which
shouldn't be possible.
Now I'm wondering what would be the best way to fix this.

Paolo Bonzini suggested that doing something like:

st> 'abc'';xterm' asFile displayNl

might fix something.

I wonder if this would suffice or if there probably exists something
like the execvp system call for gnu-smalltalk?

It is on my todo list (and has been for a while) to write a class for something like the posix_spawn API. Ideally, that class would let you attach arbitrary files/URLs/pipes to file descriptors in the child, and then spawn the child. Such an interface would also let you choose between a parsed and unparsed command line.

Another simpler possibility would be to add something like

    Smalltalk system: #('zip' 'abc' 'def')

... that would automatically escape each argument. However this assumes that you do not need any redirection or piping, because in that case the '>' or '|' would be escaped too.

A third possibility hence is to have

    Smalltalk system: 'zip %1 %2 > %3'
         withArguments: {'abc'. 'def'. 'ghi'}

that would let the user choose what to escape and what not.

Also VFSAddOns contained two bugs which made it impossible to use, I
think I've fixed those now so I'll try to submit those later. Where
should I do this?

Here is fine, or a pull request on github.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]