
Opened 7 years ago

Last modified 20 months ago

#453 new defect

WHIZARD Web services

Reported by: Christian Speckner
Owned by: Christian Speckner
Priority: P4
Milestone: v4.0
Component: configure
Version: 2.0.6
Severity: minor
Keywords:
Cc:

Description

For improved security, i.e. in environments where WHIZARD runs SINDARIN supplied by users without shell access, it is desirable to deactivate the execution of external programs. I suggest implementing a security command line flag which deactivates exec (and maybe other functionality) on request, the default of which could be modified at configure time. If no one objects, I would implement this.

Change History (10)

comment:1 Changed 7 years ago by kilian

Yes, agreed. I would even turn the logic around:

WHIZARD maintains a list of allowed programs, which is checked against the argument of the 'exec' command (which should execute one program at a time). The list is given to WHIZARD on the command line (analogous to --user-lib; the array can reside in the 'global' record of rt_data_t). Furthermore, if the user doesn't want to give fully qualified paths as program names, he has to provide the search path explicitly, also on the command line. Otherwise, the 'exec' command uses an empty search path for the spawned shell.

The idea is that the 'exec' feature should be used sparingly. The Sindarin file, by itself, should not be able to raise privileges.
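The allow-list policy proposed in comment:1, as an added sketch that is not WHIZARD code and not from any of the commenters: a requested program runs only if it resolves, through an explicitly supplied search path or as a fully qualified path, to an entry on the allowed list. Python is used for illustration only, all names (`build_argv`, `guarded_exec`, `ExecPolicyError`) are hypothetical, and the sketch assumes the program is started without any shell rather than in a shell with an empty search path.

```python
import os
import shlex
import subprocess


class ExecPolicyError(Exception):
    """The requested program is not permitted by the command-line policy."""


def _resolve(program, search_path):
    """Map a program name to a real absolute path without consulting $PATH."""
    if os.path.isabs(program):
        candidates = [program]
    elif os.sep in program:
        return None  # relative path with a directory part: refuse
    else:
        # Bare names are looked up only in explicitly supplied absolute dirs.
        candidates = [os.path.join(d, program) for d in search_path if os.path.isabs(d)]
    for path in candidates:
        if os.path.isfile(path) and os.access(path, os.X_OK):
            return os.path.realpath(path)
    return None


def build_argv(command, allowed, search_path=()):
    """Return argv for one allow-listed program, or raise ExecPolicyError."""
    allowed_paths = {_resolve(a, search_path) for a in allowed} - {None}
    argv = shlex.split(command)
    if not argv:
        raise ExecPolicyError("empty command")
    target = _resolve(argv[0], search_path)
    if target is None or target not in allowed_paths:
        raise ExecPolicyError(f"program not allowed: {argv[0]!r}")
    return [target] + argv[1:]


def guarded_exec(command, allowed, search_path=()):
    """Run one allow-listed program with no shell and no inherited PATH."""
    argv = build_argv(command, allowed, search_path)
    # An empty PATH entry means the current directory to many shells, so with
    # no search path the child gets a PATH that cannot contain any program.
    env = {"PATH": os.pathsep.join(search_path) or os.devnull}
    # shell=False: ';', '|' and '$(...)' in the string are never interpreted.
    return subprocess.run(argv, shell=False, env=env, capture_output=True,
                          text=True, check=False)
```

With an empty allowed list every request is refused, which corresponds to switching exec off entirely as suggested in the ticket description.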

comment:2 Changed 7 years ago by Juergen Reuter

Milestone: v2.0.7 → v2.1.0

As long as this does not apply for the internal programs like O'Mega, Gamelan etc. I am fine with that. But I think this is not top priority right now.

comment:3 Changed 7 years ago by Juergen Reuter

We should discuss this once again. How it is ranked, what is intended, and who is going to do it when!

comment:4 Changed 7 years ago by Juergen Reuter

Milestone: v2.1.0 → v2.2.0

Okay, I believe this ticket will never be addressed....

comment:5 Changed 5 years ago by Juergen Reuter

Seriously!? Don't we want to close this ticket!? Guys????

comment:6 Changed 5 years ago by Juergen Reuter

Component: core → configure
Milestone: v2.3.0 → v3.0
Summary: Disable exec functionality at configure / runtime → WHIZARD Web services

This includes: Disable exec functionality at configure / runtime.

comment:7 Changed 5 years ago by Juergen Reuter

Should we set up a WHIZARD web server, we should remember to take care of exec traps.

comment:8 Changed 3 years ago by Juergen Reuter

Should we actually bury this project, or does anyone think this will ever happen?

comment:9 Changed 23 months ago by Juergen Reuter

Milestone: v3.0 → v3.0.0

Milestone renamed

comment:10 Changed 20 months ago by ohl

Milestone: v3.0.0 → v4.0