Hi all,
Process.spawn has a vulnerability:
Process spawn(string command, void|Stdio.Stream stdin, void|Stdio.Stream stdout, void|Stdio.Stream stderr, // These aren't used. Seems to be part of something unfinished. /mast //function|void cleanup, mixed ... args ) //! Spawns a process that executes @[command] as a command shell //! statement ("@expr{/bin/sh -c @[command]@}" for Unix, "@expr{cmd /c //! @[command]@}" for Windows). //! //! @param stdin //! @param stdout //! @param stderr //! Stream objects to use as standard input, standard output and //! standard error, respectively, for the created process. The //! corresponding streams for this process are used for those that //! are left out. //! //! @returns //! Returns a @[Process.Process] object for the created process. //! //! @seealso //! @[system], @[popen] { mapping(string:mixed) data=(["env":getenv()]); if(stdin) data->stdin=stdin; if(stdout) data->stdout=stdout; if(stderr) data->stderr=stderr; #if defined(__NT__) // if the command string command is not quoted, add double quotes to // make sure it is not modified by create_process if (sizeof(command) <= 1 || command[0] != '"' || command[sizeof(command)-1] != '"') command = """ + command + """; return Process(({ "cmd", "/c", command }),data); #elif defined(__amigaos__) return Process(split_quoted_string(command),data); #else /* !__NT__||__amigaos__ */ // return Process(({ "/bin/sh", "-c", /*command*/ }),data);
// Fix ?
*return Process(({ "/bin/sh", "-c" }) + split_quoted_string(command),data);*
** #endif /* __NT__||__amigaos__ */ }
Regards
El 23/1/20 a les 12:00, pike-devel-request@lists.lysator.liu.se ha escrit:
Send Pike-devel mailing list submissions to pike-devel@lists.lysator.liu.se
To subscribe or unsubscribe via the World Wide Web, visit http://lists.lysator.liu.se/mailman/listinfo/pike-devel or, via email, send a message with subject or body 'help' to pike-devel-request@lists.lysator.liu.se
You can reach the person managing the list at pike-devel-owner@lists.lysator.liu.se
When replying, please edit your Subject line so it is more specific than "Re: Contents of Pike-devel digest..."
Today's Topics:
1. pike under sanitizers (Mike)
Message: 1 Date: Thu, 23 Jan 2020 10:40:13 +0000 From: "Mike" tankf33der@disroot.org To: pike-devel@lists.lysator.liu.se Subject: pike under sanitizers Message-ID: 96b4ff652af97bf1d5d49b78dd71f602@disroot.org Content-Type: text/plain; charset="utf-8"
hi all,
I've compiled and run tests by clang with different sanitizers (address, memory, undefined). If somebody wants to get report(s) and fix let me know. Some of them are trivial and make sense. I'm already post announce on irc and sent mail to grubba@ without reply :)
(mike)
End of Pike-devel Digest, Vol 173, Issue 3