restricting modules
- X-seq: zsh-workers 3025
- From: Zefram <zefram@xxxxxxxxxxxxxxxxx>
- To: zsh-workers@xxxxxxxxxxxxxxx
- Subject: restricting modules
- Date: Mon, 24 Mar 1997 18:51:43 GMT
-----BEGIN PGP SIGNED MESSAGE-----
This patch changes the effect of the RESTRICTED option on zmodload.
Prior to this patch, any arbitrary, untrusted, module can be declared
to be a dependency of a safe module, and thus untrusted code can be run.
This patch closes that security hole by preventing the specification of
a module containing a /. Note that it is not a problem to declare safe
dependencies of unsafe modules: that doesn't make it any easier to load
the unsafe module.
The restriction on zmodload -a is also changed to match. The idea is
that only the loading of unsafe modules should be prevented, and that
functionality should not be otherwise reduced.
-zefram
*** Doc/Zsh/restricted.yo 1997/01/29 05:42:43 1.2
--- Doc/Zsh/restricted.yo 1997/03/23 02:23:37
***************
*** 26,34 ****
commands)
itemiz(turning off restricted mode with tt(set +r) or tt(unsetopt
RESTRICTED))
! itemiz(loading modules with an explicitely given pathname containing
! slashes)
! itemiz(adding/deleting builtins with tt(zmodload -a))
enditemize()
These restrictions are enforced after processing the startup files. The
--- 26,33 ----
commands)
itemiz(turning off restricted mode with tt(set +r) or tt(unsetopt
RESTRICTED))
! itemiz(specifying modules to be loaded with an explicitly given
! pathname containing slashes)
enditemize()
These restrictions are enforced after processing the startup files. The
*** Src/module.c 1997/03/20 03:53:56 1.25
--- Src/module.c 1997/03/23 02:32:35
***************
*** 499,509 ****
return 0;
} else {
/* add dependencies */
char *tnam = *args++;
! while (*args)
! add_dep(tnam, *args++);
! return 0;
}
}
--- 499,515 ----
return 0;
} else {
/* add dependencies */
+ int ret = 0;
char *tnam = *args++;
! for(; *args; args++) {
! if(isset(RESTRICTED) && strchr(*args, '/')) {
! zwarnnam(nam, "%s: restricted", *args, 0);
! ret = 1;
! } else
! add_dep(tnam, *args);
! }
! return ret;
}
}
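Review bot: The slash test on `*args` is the whole trust decision for dependencies, yet nothing in the code records why the target `tnam` is left unchecked or what a slash-free name is trusted to resolve to. A comment above the loop should carry the reasoning from the commit message, for example `/* RESTRICTED: a dependency is loaded implicitly, so refuse explicit paths; tnam itself is not checked here */`, and should state that the check presumably relies on the module search path not being changeable in restricted mode, which is not visible in this hunk. The same comment is needed at the `modnam` check in the autoloaded-builtin hunk further down. A rejected name does not stop the loop, so the remaining dependencies are still registered while the command returns 1; if that partial effect is intended, the comment should say so. The enclosing function starts and ends outside the hunk.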
***************
*** 514,523 ****
if(ops['u']) {
/* remove autoloaded builtins */
- if (isset(RESTRICTED)) {
- zwarnnam(nam, "-a is not allowed in restricted mode", *args, 0);
- return 1;
- }
for (; *args; args++) {
Builtin bn = (Builtin) builtintab->getnode2(builtintab, *args);
--- 520,525 ----
***************
*** 541,551 ****
} else {
/* add autoloaded builtins */
char *modnam;
! if (isset(RESTRICTED)) {
! zwarnnam(nam, "-a is not allowed in restricted mode", *args, 0);
return 1;
}
- modnam = *args++;
do {
char *bnam = *args ? *args++ : modnam;
if (strchr(bnam, '/')) {
--- 543,553 ----
} else {
/* add autoloaded builtins */
char *modnam;
! modnam = *args++;
! if(isset(RESTRICTED) && strchr(modnam, '/')) {
! zwarnnam(nam, "%s: restricted", modnam, 0);
return 1;
}
do {
char *bnam = *args ? *args++ : modnam;
if (strchr(bnam, '/')) {
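Review bot: `strchr(modnam, '/')` now runs immediately after `modnam = *args++`, so in restricted mode a NULL `modnam` would be passed to `strchr` before the loop is reached. This is safe only if an earlier branch, outside the hunk, has already returned when no arguments remain, and that should be confirmed. On style, the declaration and assignment are now adjacent and can be merged into `char *modnam = *args++;`, and `if(isset(RESTRICTED) && ...)` should be written `if (` to match the `if (strchr(bnam, '/'))` a few lines below. The enclosing block continues past the end of the hunk.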
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: ascii
iQCVAwUBMzSXn3D/+HJTpU/hAQHuNgP+LnJMnwv8Xvn/w651C+XB28LVxU71WTtp
fSmMhxKdEFx6N2eXEOcDVSmzdF8QXdELEz1VrZLWgjdb9tztTJ5u2FoSVrRtFHfH
7Q8WvTFGw09dsy9M28fNs2UiROHf1cbyzVieK0eSw1ue39HsCSCcbXY2z4xTfz7u
ywk86Y2k9DE=
=pkzu
-----END PGP SIGNATURE-----