From: Charles Forsyth <charles.forsyth@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] shell functions
Date: Mon, 29 Sep 2014 14:20:46 +0100 [thread overview]
Message-ID: <CAOw7k5j6rSYAqpNvKZRB90AbemJMvRtr3swhjOx1WxTEk4j0JQ@mail.gmail.com> (raw)
In-Reply-To: <CC7DC1E3-61D3-4C10-B0CE-CD1DA60BA75A@ar.aichi-u.ac.jp>
[-- Attachment #1: Type: text/plain, Size: 830 bytes --]
On 29 September 2014 14:03, arisawa <arisawa@ar.aichi-u.ac.jp> wrote:
> today, we have a number of malicious request to our web server.
> assume a web server accept a request with a query
> query='fn#foo=fn%20foo%20{echo%20yes};%20echo%20no%0a’
>
but why should a web server put arbitrary data from a remote user
unrestrained into the environment?
even if rc used a restricted parser, as it stands you could still write
fn#cd=fn%20cd%20{do_horrible_thing}
and it would stand a good chance of doing the horrible thing if the web
server runs a shell script that does a cd.
really, as with Apache, the problem is the uncritical nature of the web
server.
it's probably reasonable to have rc use a parser that accepts only
functions, but that's for precision, not to fix a security problem
elsewhere.
[-- Attachment #2: Type: text/html, Size: 1406 bytes --]
next prev parent reply other threads:[~2014-09-29 13:20 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAL0h+tWUCrwWoTSeLz+Kx1yqKwKqwDBZZbH7fLe-PWXjLSgWWw@mail.gmail.com>
2014-09-26 15:54 ` Russ Cox
2014-09-26 16:32 ` [9fans] " Kurt H Maier
2014-09-26 16:44 ` Skip Tavakkolian
2014-09-26 16:55 ` Kurt H Maier
2014-09-29 15:30 ` Russ Cox
2014-09-26 16:48 ` Bakul Shah
2014-09-27 14:40 ` Christian Neukirchen
2014-09-28 7:00 ` arisawa
2014-09-28 9:39 ` Richard Miller
2014-09-29 13:03 ` arisawa
2014-09-29 13:20 ` Charles Forsyth [this message]
2014-10-01 9:37 ` arisawa
2014-09-29 18:05 ` erik quanstrom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOw7k5j6rSYAqpNvKZRB90AbemJMvRtr3swhjOx1WxTEk4j0JQ@mail.gmail.com \
--to=charles.forsyth@gmail.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).