From: Zefram <zefram@dcs.warwick.ac.uk>
To: zsh-workers@math.gatech.edu
Subject: restricting modules
Date: Mon, 24 Mar 1997 18:51:43 GMT
Message-ID: <28090.199703241851@stone.dcs.warwick.ac.uk>

This patch changes the effect of the RESTRICTED option on zmodload.

Prior to this patch, any arbitrary, untrusted, module can be declared
to be a dependency of a safe module, and thus untrusted code can be run.
This patch closes that security hole by preventing the specification of
a module containing a /.  Note that it is not a problem to declare safe
dependencies of unsafe modules: that doesn't make it any easier to load
the unsafe module.

The restriction on zmodload -a is also changed to match.  The idea is
that only the loading of unsafe modules should be prevented, and that
functionality should not be otherwise reduced.

 -zefram

 *** Doc/Zsh/restricted.yo	1997/01/29 05:42:43	1.2
 --- Doc/Zsh/restricted.yo	1997/03/23 02:23:37
 ***************
 *** 26,34 ****
   commands)
   itemiz(turning off restricted mode with tt(set +r) or tt(unsetopt
   RESTRICTED))
 ! itemiz(loading modules with an explicitely given pathname containing
 ! slashes)
 ! itemiz(adding/deleting builtins with tt(zmodload -a))
   enditemize()
   
   These restrictions are enforced after processing the startup files.  The
 --- 26,33 ----
   commands)
   itemiz(turning off restricted mode with tt(set +r) or tt(unsetopt
   RESTRICTED))
 ! itemiz(specifying modules to be loaded with an explicitly given
 ! pathname containing slashes)
   enditemize()
   
   These restrictions are enforced after processing the startup files.  The
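
Review bot: The replacement itemiz( entry says only "specifying modules to be loaded", which does not tell a reader that the restriction now applies to names given when declaring dependencies and to tt(zmodload -a), as well as to a direct load. The old tt(zmodload -a) entry is dropped without any mention of what replaced it. Suggest naming those forms in the item so the documented restriction matches the checks added in Src/module.c.
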
 *** Src/module.c	1997/03/20 03:53:56	1.25
 --- Src/module.c	1997/03/23 02:32:35
 ***************
 *** 499,509 ****
   	return 0;
       } else {
   	/* add dependencies */
   	char *tnam = *args++;
   
 ! 	while (*args)
 ! 	    add_dep(tnam, *args++);
 ! 	return 0;
       }
   }
   
 --- 499,515 ----
   	return 0;
       } else {
   	/* add dependencies */
 + 	int ret = 0;
   	char *tnam = *args++;
   
 ! 	for(; *args; args++) {
 ! 	    if(isset(RESTRICTED) && strchr(*args, '/')) {
 ! 		zwarnnam(nam, "%s: restricted", *args, 0);
 ! 		ret = 1;
 ! 	    } else
 ! 		add_dep(tnam, *args);
 ! 	}
 ! 	return ret;
       }
   }
   
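
Review bot: In the new for loop a rejected name sets ret = 1, but the loop carries on and add_dep() is still called for the remaining arguments, so a list mixing slash and non-slash names is partly applied while the command reports failure. If that is intended, a short comment saying so would help, together with one noting that tnam is deliberately left unchecked; otherwise check every argument before the first add_dep() call. Minor: `for(;` and `if(` drop the space that the surrounding code uses (`while (*args)`, `for (; *args; args++)`).
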
 ***************
 *** 514,523 ****
   
       if(ops['u']) {
   	/* remove autoloaded builtins */
 - 	if (isset(RESTRICTED)) {
 - 	    zwarnnam(nam, "-a is not allowed in restricted mode", *args, 0);
 - 	    return 1;
 - 	}
   	for (; *args; args++) {
   	    Builtin bn = (Builtin) builtintab->getnode2(builtintab, *args);
   
 --- 520,525 ----
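
Review bot: With the isset(RESTRICTED) block deleted, the ops['u'] branch has no restricted-mode check left, and nothing in the code records why removing autoloaded builtins is acceptable in a restricted shell. Suggest a one-line comment above the for loop giving the rationale from the message (only the loading of unsafe modules needs to be prevented), so the check is not reinstated or questioned later.
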
 ***************
 *** 541,551 ****
       } else {
   	/* add autoloaded builtins */
   	char *modnam;
 ! 	if (isset(RESTRICTED)) {
 ! 	    zwarnnam(nam, "-a is not allowed in restricted mode", *args, 0);
   	    return 1;
   	}
 - 	modnam = *args++;
   	do {
   	    char *bnam = *args ? *args++ : modnam;
   	    if (strchr(bnam, '/')) {
 --- 543,553 ----
       } else {
   	/* add autoloaded builtins */
   	char *modnam;
 ! 	modnam = *args++;
 ! 	if(isset(RESTRICTED) && strchr(modnam, '/')) {
 ! 	    zwarnnam(nam, "%s: restricted", modnam, 0);
   	    return 1;
   	}
   	do {
   	    char *bnam = *args ? *args++ : modnam;
   	    if (strchr(bnam, '/')) {
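
Review bot: The new strchr(modnam, '/') runs directly after modnam = *args++, and nothing in the visible lines guarantees that *args is non-NULL at that point; the `*args ? *args++ : modnam` guard in the do loop only covers later arguments. Confirm that the builtin's minimum argument count rules out an empty list here, or test modnam before the strchr() call. Minor: `if(` without the space differs from the `if (strchr(bnam, '/'))` a few lines below.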


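The hole described in the message and the effect of the added check, as an example added here that is not part of the original post or of zsh: a toy C model of a dependency table. The names `declare_dep`, `load_with_deps`, `request_load`, `reset_table` and the module names are hypothetical, and the unchecked dependency load path is an assumption taken from the message's description.

```c
/* Toy model of the dependency table; not zsh source. A name containing '/'
 * stands for a module given by explicit pathname (untrusted under RESTRICTED). */
#include <stdio.h>
#include <string.h>
#define MAX_DEPS 16
static struct { const char *mod, *needs; } deps[MAX_DEPS];
static int ndeps, restricted;   /* restricted stands in for isset(RESTRICTED) */

static void reset_table(int r) { ndeps = 0; restricted = r; }

/* zmodload -d MOD DEP. patched != 0 applies the check the patch adds: only DEP
 * is tested, MOD is not. Returns 1 when refused (or the toy table is full). */
static int declare_dep(const char *mod, const char *dep, int patched)
{
    if (ndeps == MAX_DEPS || (patched && restricted && strchr(dep, '/')))
        return 1;
    deps[ndeps].mod = mod;
    deps[ndeps++].needs = dep;
    return 0;
}

/* Load NAME and its dependencies; returns how many pathname modules ran.
 * No RESTRICTED test happens on this path, as the message describes. */
static int load_with_deps(const char *name, int depth)
{
    int i, ran = strchr(name, '/') ? 1 : 0;
    for (i = 0; depth < MAX_DEPS && i < ndeps; i++)   /* depth cap stops cycles */
        if (!strcmp(deps[i].mod, name))
            ran += load_with_deps(deps[i].needs, depth + 1);
    return ran;
}

/* zmodload NAME typed by the user: the existing refusal of slash pathnames. */
static int request_load(const char *name)
{
    if (restricted && strchr(name, '/'))
        return -1;
    return load_with_deps(name, 0);
}

int main(void)
{
    int patched;
    for (patched = 0; patched <= 1; patched++) {
        reset_table(1);
        declare_dep("safe", "./untrusted/mod", patched);
        printf("patched=%d: %d pathname module(s) ran\n", patched, request_load("safe"));
    }
    return 0;
}
```

In the model, a safe dependency of a pathname module is still accepted after the patch, and the direct load of that pathname module stays refused, matching the note in the message.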