Untrusted environment: Difference between revisions
Revision as of 20:22, 17 January 2013
Sometimes it is useful to run code with inputs from untrusted users, untrusted code, etc. Explain the features your language uses in these circumstances and give sample code.
The intention is that the definition is to be interpreted broadly; different languages will solve this task in very different ways and with (generally) incomparable results.
PARI/GP
GP has a default, secure, which disallows the system and extern commands. Once activated this default cannot be removed without input from the user (i.e., not a script).
<lang parigp>default(secure,1); system("del file.txt"); default(secure,0); \\ Ineffective without user input</lang>
Perl
Perl can be invoked in taint mode with the command line option -T. While in this mode input from the user, and all variables derived from it, cannot be used in certain contexts until 'sanitized' by being passed through a regular expression.
<lang perl>#!/usr/bin/perl -T
my $f = $ARGV[0];   # command-line arguments are tainted under -T
# Opening a file for writing with a tainted name is refused: perl dies with
# "Insecure dependency in open while running with -T switch" before 'die' runs.
open FILE, ">$f" or die 'Cannot open file for writing';
print FILE "Modifying an arbitrary file\n";
close FILE;</lang>
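As an added example (not part of the original task entry), the untaint step the paragraph above refers to: only the capture group of a whitelist regex is untainted, and only that value may reach a file-modifying call. It assumes the script is started as perl -T and writes under a constructed directory name, out/.

```perl
#!/usr/bin/perl -T
# Added example: untainting a user-supplied file name under -T.
# Assumes output goes under ./out (constructed directory name).
use strict;
use warnings;

# Under -T, %ENV is tainted as well; a fixed PATH and the removal of these
# variables is what perl requires before any later system() call is allowed.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $raw = defined $ARGV[0] ? $ARGV[0] : '';

# The regex is the whitelist: 1 to 32 characters from [A-Za-z0-9_.-], not
# starting with a dot (so no ".." and no hidden files). Only the capture
# group is untainted; $raw itself stays tainted. A failed match yields an
# empty list, so the assignment counts 0 elements and the die fires.
my ($name) = $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})\z/
    or die "Refusing file name '$raw': not in the allowed character set\n";

my $path = "out/$name";
mkdir 'out' unless -d 'out';

# For contrast: the same open with the tainted value is refused by perl
# ("Insecure dependency in open while running with -T switch"):
#   open my $bad, '>', "out/$raw" or die;
# With the untainted $name the open is accepted.
open my $fh, '>', $path or die "Cannot open $path: $!\n";
print $fh "Written to a validated path\n";
close $fh;
print "wrote $path\n";
```

Run it as perl -T untaint.pl 'notes.txt' and then as perl -T untaint.pl '../etc/passwd' to see the regex reject the second name before any open is attempted.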
Ruby
Ruby handles untrusted input with the global variable $SAFE. Settings higher than 0 invoke an increasing level of sandboxing and general paranoia.
<lang ruby>require 'cgi'
$SAFE = 4
cgi = CGI::new("html4")
eval(cgi["arbitrary_input"].to_s)</lang>
UNIX Shell
Sometimes chroot jails are used to add a layer of security to
<lang bash>mkdir -p ~/jail
cd ~/jail
# Enter the jail and drop to a non-root user (uid/gid 9 here, if 9 is the
# userid of a non-root user) in one step; --userspec is the GNU coreutils
# chroot equivalent of the setuid(9) call. chroot itself requires root, and
# the jail must already contain a shell and the libraries it needs.
chroot --userspec=9:9 ~/jail /bin/sh
rm /etc/hosts   # actually points to ~/jail/etc/hosts</lang>