From: Albert Krewinkel
Newsgroups: gmane.text.pandoc
Subject: Re: Lua filter security: safe mode?
Date: Thu, 12 May 2022 15:15:02 +0200
Message-ID: <87mtfmzxzb.fsf@zeitkraut.de>
References: <13cd1f3a-bc26-49cf-a7df-ec8d56fcf05an@googlegroups.com> <87r14yzzb1.fsf@zeitkraut.de>
In-reply-to: <87r14yzzb1.fsf-9EawChwDxG8hFhg+JK9F0w@public.gmane.org>
Addendum: If you'd like to allow users to run arbitrary filters, then consider running pandoc in a virtual machine. That step should ensure sufficient isolation of the process. Maybe even just a Docker container would be ok, but see

Albert Krewinkel writes:

> Julien Dutant writes:
>
>> As discussed a while ago on
>> https://github.com/pandoc/lua-filters/issues/207#issuecomment-1067959808
>> and said in Pandoc's manual, running Lua filters downloaded from the
>> internet is a security risk as Pandoc is run with full privileges.
>>
>> But doesn't all the risk only come from Lua's `os` module (and perhaps
>> `io`?), which few filters actually use? If so, would it be possible for
>> Pandoc to run Lua filters without this module, providing an alternative
>> flag (something like --lua-filter-safe) to run a filter safely?
>
> I had the intention of building a safe Lua filter system, but have given
> up on that. There are just too many things that could go wrong.
>
> For one, there are just too many potentially risky Lua functions.
> Basically all functions in the `os` and `io` modules are unsafe, as are
> `load`, `loadfile`, `dofile`, and `require`. Most functions in
> `pandoc.system` and `pandoc.mediabag` are problematic, as are the
> functions `pandoc.utils.pipe` and `pandoc.utils.run_json_filter`, both
> of which allow running arbitrary programs. Even seemingly innocent
> functions like `pandoc.read` and `pandoc.references` can be used to
> access the file system and could be used to exfiltrate information.
>
> But the main reason for not attempting such a thing is actually that I
> have security concerns about the basic pandoc-Lua bridge. I'm not
> confident enough that we could reliably prevent sandbox escapes; nobody
> ever did a security audit of HsLua. I *think* there are no obvious
> exploits, but I still wouldn't want to label something as "safe" unless
> I'm 100% sure that the description is justified.
>
> TL;DR: Implementing `--lua-filter-safe` might be possible, but it would
> require a lot of work as well as expertise that's different from mine.
>
> --
> Albert Krewinkel
> GPG: 8eed e3e2 e8c5 6f18 81fe e836 388d c0b2 1f63 1124

--
Albert Krewinkel
GPG: 8eed e3e2 e8c5 6f18 81fe e836 388d c0b2 1f63 1124
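As an added example that is not part of this thread or of pandoc itself: a small shell wrapper that applies the isolation the addendum suggests (a throwaway container with network, filesystem, capabilities and resources locked down) together with a heuristic pre-flight scan for the Lua APIs the reply lists as unsafe. Everything below is this example's own: the function names, the image name pandoc/core:latest (substitute an image you have pinned and trust), the container paths /work and /out, and the decision to write HTML to output.html. The scan is only a triage aid, not the "safe mode" the reply declines to promise, because a filter can reach the same functions without spelling their names (pandoc["system"] is not the text pandoc.system, and _ENV or metatables give further routes), so the container, not the scan, is the security boundary here.

```shell
#!/usr/bin/env bash
# Added example, not part of the pandoc project or this thread: a pre-flight
# scan for the Lua APIs the reply names as unsafe, plus a hardened
# `docker run` wrapper for running pandoc with an untrusted filter.
# Assumptions: docker is installed; PANDOC_IMAGE (default pandoc/core:latest)
# is a placeholder for an image you have pinned; host files must be readable
# by uid 65534 because the container runs as that user.
set -u

# Identifiers the reply lists as unsafe (os, io, load, loadfile, dofile,
# require, pandoc.system, pandoc.mediabag, pandoc.utils.pipe,
# pandoc.utils.run_json_filter, pandoc.read), plus _G, _ENV, debug and
# package, which this example adds because they offer indirect routes to the
# same functions. This is a triage aid, not a sandbox: pandoc["system"] does
# not match pandoc\.system, and aliases or metatables can hide any of these.
UNSAFE_LUA_PATTERN='(^|[^A-Za-z0-9_.])(os|io)\.|(^|[^A-Za-z0-9_.])(load|loadfile|dofile|require)[[:space:]]*[("]|pandoc\.(system|mediabag)|pandoc\.utils\.(pipe|run_json_filter)|pandoc\.read|_(G|ENV)([^A-Za-z0-9_]|$)|debug\.|package\.'

# scan_lua_filter FILE: prints every flagged line with its line number;
# returns 1 if anything was flagged, 0 otherwise. Lua "--" line comments are
# stripped first so commented-out mentions do not count.
scan_lua_filter() {
    if sed 's/--.*$//' "$1" | grep -nE "$UNSAFE_LUA_PATTERN"; then
        return 1
    fi
    return 0
}

# abspath PATH: docker -v needs absolute host paths.
abspath() {
    if [ -d "$1" ]; then
        (cd "$1" && pwd -P)
    else
        printf '%s/%s\n' "$(cd "$(dirname "$1")" && pwd -P)" "$(basename "$1")"
    fi
}

# sandboxed_pandoc FILTER INPUT OUTDIR: run pandoc with FILTER inside a
# throwaway container. Each flag closes one avenue the reply worries about:
#   --network none             no exfiltration or callbacks over the network
#   --read-only + --tmpfs      nothing persists except what lands in /out
#   --cap-drop ALL, --user     no capabilities, not root
#   no-new-privileges          setuid binaries cannot regain privilege
#   --pids-limit/--memory/cpus a hostile filter cannot exhaust the host
#   :ro mounts                 the filter and the input cannot be modified
# With DRY_RUN=1 (the default) the command is printed for review instead of
# executed (printed without shell quoting, so review it, do not eval it).
sandboxed_pandoc() {
    filter_abs=$(abspath "$1")
    input_abs=$(abspath "$2")
    out_abs=$(abspath "$3")
    image=${PANDOC_IMAGE:-pandoc/core:latest}
    set -- docker run --rm \
        --network none \
        --read-only \
        --tmpfs /tmp:rw,noexec,nosuid,size=64m \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --pids-limit 64 \
        --memory 512m \
        --cpus 1 \
        --user 65534:65534 \
        -v "$filter_abs:/work/filter.lua:ro" \
        -v "$input_abs:/work/input.md:ro" \
        -v "$out_abs:/out" \
        -w /work \
        "$image" --lua-filter /work/filter.lua /work/input.md -o /out/output.html
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s ' "$@"
        printf '\n'
    else
        "$@"
    fi
}

# run_untrusted_filter FILTER INPUT OUTDIR: refuse filters the scan flags,
# otherwise run them in the container. Returns 2 on refusal.
run_untrusted_filter() {
    if ! scan_lua_filter "$1"; then
        echo "refusing to run $1: it uses APIs that reach outside the document" >&2
        return 2
    fi
    sandboxed_pandoc "$1" "$2" "$3"
}
```

Typical use is `DRY_RUN=0 run_untrusted_filter filter.lua input.md outdir` after reviewing the printed command once with the default dry run. A container shares the host kernel, so it remains a weaker boundary than the virtual machine the addendum recommends; treat it as defence in depth around the scan rather than as a guarantee of safety.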