develooper Front page | perl.perl5.porters | Postings from April 2003

Re: [PATCH 5.8.1 @19053] Getopt::Std

Thread Previous | Thread Next
From:
Ilya Zakharevich
Date:
April 6, 2003 13:08
Subject:
Re: [PATCH 5.8.1 @19053] Getopt::Std
Message ID:
20030406200827.GA7983@math.berkeley.edu
On Sun, Apr 06, 2003 at 08:56:15PM +0100, Nicholas Clark wrote:
> > Sorry, but my argument stands as is.  Unless we know that it is save
> > to let the user interrupt the script (by giving it options), or change
> > the STDOUT output, we should not.  It may be setuid or otherwise critical.
> 
> But if the user can give extra options to a script, potentially they can
> already stop it. For example, if I add an option --non-existent-option
> 
> ../../miniperl -I../../lib bin/enc2xs --non-existent-option -Q -O -o def_t.c -f def_t.fnm

> this program happens to crash. Arguably that is bad design on this program.
> But if you're able to add options to an existing script, you already have
> considerable control. If you're allowed to add new command line arguments
> even more so.

By these arguments, one should not have done any special security
hacks to add (?{}) to Perl RExen.

> If your arguments are via a shell command line, `rm -rf /`

Won't work.  Try it.  ;-)  Remember, the script may be setuid.

> You appear to be arguing that we mustn't add options to stop programs for
> the specific case of protecting programs which untrusted users are allowed
> to add arbitrary options to, where said programs are carefully designed so
> that no combination of options that can be added materially effect the
> intent of their outcome.

Yes.

> I'm arguing that the set of such programs running is such situations is
> very small. No sane sysadmin would do this.

Should not we protect unsane ones more?  ;-)

> If we're so worried about critical scripts why are we changing the interface
> at all?

My modifications won't change the interface at all (the patch I sent
will; it should be fixed so that the message goes to STDERR if the script does not show signs of being aware).

Ilya


Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About