From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.text.pandoc/28648 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Michael Weiss Newsgroups: gmane.text.pandoc Subject: Re: Add a flag/option to disallow all network access? Date: Thu, 17 Jun 2021 23:37:37 +0200 Message-ID: References: Reply-To: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="16108"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mutt To: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Original-X-From: pandoc-discuss+bncBDQPX6EF2YPBBJEBV6DAMGQE6UJFN2Q-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Thu Jun 17 23:37:44 2021 Return-path: Envelope-to: gtp-pandoc-discuss@m.gmane-mx.org Original-Received: from mail-ed1-f58.google.com ([209.85.208.58]) by ciao.gmane.io with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1ltzhm-0003za-V5 for gtp-pandoc-discuss@m.gmane-mx.org; Thu, 17 Jun 2021 23:37:42 +0200 Original-Received: by mail-ed1-f58.google.com with SMTP id r15-20020aa7da0f0000b02903946a530334sf2382596eds.22 for ; Thu, 17 Jun 2021 14:37:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1623965862; cv=pass; d=google.com; s=arc-20160816; b=u4o+XVxWfoUdR6aALgzGTOywQB5Tlj+zPNweUTJAUaKwQdH1ZSEKY6smbvrez5GORc rzYYq/m8dZ4oRB/MmzgPuZKn603+vjFvl1ip7fQEN28kLGUVXKHoQl+5mqKlvhHWv7Ds HjkIkvvn+vmQQGKuxWaPfurxjQ/ayzH3AJUaaW6jweIC6Fm1zBE7Xi2IpQA/2gUW73q9 jMOfuI1RkNLO0UZ/aJ1FM3tiz2F1+7a5qp8Ab7gwoLpc7/bU7RsYATb1waKutcBONBqc YQDY/51/mtuw4fScvpvO8XRfIqZde71RRRu6jeJbi3gT6dCplwnzkfTLuvDot5yif0kE oh0Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:content-transfer-encoding:reply-to :user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:to:from:date:sender:dkim-signature :dkim-signature; bh=Q9rffa8JYied1jLjIy5ZO4CGNc0aQnq/9/e8Ss5QUEg=; b=g4/LwWJTgo1Qx+Jo49+Y/JvKq0A3V9aFKV4pw6xqZJTT+PhFmxf7gl0tAGKVax+ucW ZgQ5Kx3xAlejIeYiEl9shy6RelYxIuGz7iWgKXbWQ1P7J5+biP4FZgQqrI26BFh/kZ/Q VQFnLNsBmYUOBYcelBoDAf/IBrWrPR4A1hdydysSz7AGXPhTqfLyvlckQThSd9t20u1h 1CGg1oceftc/TLBIbOjvadfr/eQ5bklY9hAajJYPd7f6uQUf2GDOQ0L+OCccgWhaNa0U tzQkMZi+u1jkQCC9W22OaCPP7edoX7hHIuMXfJ82Z56OayVbWjQIkKEwCjx8u2gJPAHC qtBQ== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=T3w1Ox1R; spf=pass (google.com: domain of dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org designates 2a00:1450:4864:20::636 as permitted sender) smtp.mailfrom=dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:date:from:to:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent:x-original-sender :x-original-authentication-results:reply-to :content-transfer-encoding:precedence:mailing-list:list-id:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=Q9rffa8JYied1jLjIy5ZO4CGNc0aQnq/9/e8Ss5QUEg=; b=hMfODiZBt/LIxCL9v+UbtQ8iYKypH0kZmta0X0HjPHHiefuRdCtEleyDoYEVRG1Wxe hPLi6DD6NaTgkasS3Js52cxa9oeYbaI05uXjBDxvIGmBfzgp8alVZCwm5/7N9tHjY/Le CCu+MDJvxxKXxdjs6XKIvEfcrddp3NuRKWgIVaH5gFboSZyQI07Ykv8c4CXeyBX7df90 Xl0Q3wPnoHmlKAuOHR6Vi1EPvEXU6UNri+xlaz9cjBCRQ5BdUGH2jMNvutI79tcHHChK vv+XRgkXCSywsZ1Svnnn1JGr0Churst/odadUcBTCwu+IPrsMsNbEV3zycGTngViULBG lfQw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent:x-original-sender :x-original-authentication-results:reply-to :content-transfer-encoding:precedence:mailing-list:list-id:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=Q9rffa8JYied1jLjIy5ZO4CGNc0aQnq/9/e8Ss5QUEg=; b=exLpBanTrY+lrDRFi0NTlrJsSAp/W0y9IneVHLzDQVLhsK0zvOfZZ1bqOcx5qt4KmQ MWrEYP7GuNvVm7F/NbSA0DhcqnTA2Sr4qctP9SmehXKz+jC7wEyL4yWNnYQfvP3Ygt2y NEqHbzZdSTOdONjUbwzp38QiUSOWySTNddye6/BbeIYQXAt2wuUgSYTElk2s9EckxRzU vCoNxHvw10k16aLNsAuIpz7NpeiHP2QX0K+jonFGVlZrb9bszh684Hvad96Ph3ewZ0Kc /iMFU7oRA/zStHtktw6inKafr9FJ1ZFMcQ4oDP4sJaSmshPzqKhOiFObpnyeh60tBsZI Fe/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:date:from:to:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent :x-original-sender:x-original-authentication-results:reply-to :content-transfer-encoding:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=Q9rffa8JYied1jLjIy5ZO4CGNc0aQnq/9/e8Ss5QUEg=; b=MeDfZxshq2WOJftgC41Weu41Cue0fWuuru0oGxu+l7KQDi6gjlb5F2w5VTSy09jYCc A8Yc4tX1vmI4UPxzcapcERvJj2KjJdf7hoTavuAn96yAQfKawHCpSAf098bYyf6zfdmj dc94Bg8bFzfKc8gNBZm/LSl3iotKn7BdIGC9Ck9qLj0SCe1fFvL1tKRZDg3h3KXPIDsp dgjGETWXILz//c479pDpYZqttWe0kJgE6f4aaBIglSVpw98Im0z3aY/1m+Fd+4KCWgtk LLNZozhuYWRdeuqDI/0gKPn61PTtGjfYf Original-Sender: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org X-Gm-Message-State: AOAM530bvnzsGK95jBpM5qQnI+JSNMJ/CqyP9HJJW8TxDbshKNQF7eV/ 4wyklasTJpEAiekRN6w4Sn4= X-Google-Smtp-Source: ABdhPJzzHm61wblwiKSizRPvNu8h/LLrLPLODEituYycRten25KvglBZQAC4E/53f0Faa2JDJLyR2g== X-Received: by 2002:a17:907:e90:: with SMTP id ho16mr7498925ejc.410.1623965862213; Thu, 17 Jun 2021 14:37:42 -0700 (PDT) X-BeenThere: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Original-Received: by 2002:aa7:c5d2:: with SMTP id h18ls163907eds.0.gmail; Thu, 17 Jun 2021 14:37:39 -0700 (PDT) X-Received: by 2002:a05:6402:358:: with SMTP id r24mr515933edw.69.1623965859878; Thu, 17 Jun 2021 14:37:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623965859; cv=none; d=google.com; s=arc-20160816; b=LZhHypHpUl9nY/sTB6IAKk72muEcWt3PY9PsrSh31oe2SvFl6vVdNO1IQ32Ob+57KL EJ/H0n5Ylz5DNdYY1HOAZOnp60StA49d0ukr2owuSICE9YnltYJoYj5xxUnGEuZp/vR+ kqLCr/NpOETgoN+G/ECrBNjMyxlePugTMVNm2gqQK7XOFmc3zAt6XP/Gm+7chy87G8Av +oVrjo3T7xlyy5AN47GGKpmIdYaspjmP3M4LQ8z+tt91I05in6/JHENgkz7Q+eqMgjE9 2EuRxPwAMCy6JUCPNCRKCiIJmIQBwMV64MWjr/GpPdWS4lD/1gMKGijxmKuUJ3oKwyG6 Wcww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:to:from:date:dkim-signature; bh=wOTCuVUklB5W06OSzayI/jSZtd2rYeSVuVFzszzbN+E=; b=nGkmIvGHV9jfgPM/2mcBK5syNpcRluSYQ9VWRuPfhMEMnKmTM5iS0/+5vzkp0Lpjs7 RW6PJVa8qtLIhWqIKpOY8oitpLNwJ+64wF8WLSzGF9OoUwEM6eVFotBv8FGH5gx623Us iETno5CPaINLBaZqX/v2aJBH1j9r9GZl+wjFoC5fw8o9ORRkLpMtSBJO1bhdSfyOIprE PGZ2uESZdP01LcK3TN+OpYa8hHB2/yTy1v2UPDdklMtotA5E4gR9dFTzdF1ooWU8f9mO Ugo+3X+ALm2vCKfR9VCdQXn2cP5sIjaOqf1d2Bs8pi2JjTSKBdwZrUiSDBmoKI9LZ/YT iEaw== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=T3w1Ox1R; spf=pass (google.com: domain of dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org designates 2a00:1450:4864:20::636 as permitted sender) smtp.mailfrom=dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Original-Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com. [2a00:1450:4864:20::636]) by gmr-mx.google.com with ESMTPS id s18si4003ejo.1.2021.06.17.14.37.39 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 17 Jun 2021 14:37:39 -0700 (PDT) Received-SPF: pass (google.com: domain of dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org designates 2a00:1450:4864:20::636 as permitted sender) client-ip=2a00:1450:4864:20::636; Original-Received: by mail-ej1-x636.google.com with SMTP id gb32so4194659ejc.2 for ; Thu, 17 Jun 2021 14:37:39 -0700 (PDT) X-Received: by 2002:a17:906:7d3:: with SMTP id m19mr7408892ejc.546.1623965859674; Thu, 17 Jun 2021 14:37:39 -0700 (PDT) Original-Received: from jarvis.primeos.dev ([134.3.225.189]) by smtp.gmail.com with ESMTPSA id f10sm5121497edx.60.2021.06.17.14.37.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 17 Jun 2021 14:37:39 -0700 (PDT) Content-Disposition: inline In-Reply-To: X-Original-Sender: dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=T3w1Ox1R; spf=pass (google.com: domain of dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org designates 2a00:1450:4864:20::636 as permitted sender) smtp.mailfrom=dev.primeos-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org; contact pandoc-discuss+owners-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org List-ID: X-Google-Group-Id: 1007024079513 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Xref: news.gmane.io gmane.text.pandoc:28648 Archived-At: On Thu, 17 Jun, 2021 at 13:08:59 -0700, John MacFarlane wrote: > Yes, I've been wanting to do something like this. > https://github.com/jgm/pandoc/issues/5045 That's awesome, thanks for the reply! In hindsight I should've searched for "sandbox" as well. Restricting any IO (apart from the files specified via CLI parameters) via the PandocPure monad seems like the best idea and I also like the "--sandboxed" parameter name. I think that would be a nice addition (like [0] already states) but it seems like the implementation is unfortunately much more complicated than I thought. I'll subscribe to the GitHub issue and from my side we can consider this thread resolved then :) Joseph wrote: > This doesn't address your feature request, but it could be a useful hack:= set a null http proxy (with an instantaneous timeout) with whatever tool y= ou use, whether it's lynx, w3m, links, etc. I don't know if this can be don= e with pandoc's `--request-header=3D`. That's an interesting idea, I somehow didn't think of that. Using a network namespace with only the loopback interface would be another option to guaranty there won't be any network I/O, e.g.: unshare --user --net pandoc --from=3Dhtml+raw_html --to=3Dplain However, both approaches could still leak information via DNS (not sure about proxy clients but e.g. nscd can still cause DNS requests when using network namespaces without additional countermeasures). If the sandboxing is really important it might be best to use an existing security sandbox like Firejail or Bubblewrap. But a "--sandboxed" option for Pandoc would seem interesting nonetheless (e.g. if user namespaces or a suid security sandbox isn't available and a Pandoc option would be much easier to use). Anyway, thanks for that idea. [0]: https://github.com/jgm/pandoc/issues/5045#issuecomment-504469702 --=20 You received this message because you are subscribed to the Google Groups "= pandoc-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/= pandoc-discuss/YMvAoe5GNqghNAM6%40jarvis.primeos.dev.