[erlang-bugs] The Erlang Restricted Shell allows execution of random commands

Ahmed Omar spawn.think@REDACTED
Tue Jan 31 13:50:33 CET 2012 

It sounds to work only with tuple funs, which is going to be removed soon
anyway.

OTP-9649  Tuple funs (a two-element tuple with a module name and a
             function) are now officially deprecated and will be removed
             in R16. Use 'fun M:F/A' instead. To make you aware that your
             system uses tuple funs, the very first time a tuple fun is
             applied, a warning will be sent to the error logger.

1> F = fun (M,F,A) -> lists:zipwith3(fun(M, F,A)-> erlang:apply(M, F, A)
end, [M], [F], [ A ]) end.
#Fun<erl_eval.18.59269574>
2> F(erlang, time, []).
** exception exit: restricted shell does not allow time()
     in function  shell:non_local_allowed/4
     in call from lists:zipwith3/4
3>

or am i wrong?

On Tue, Jan 31, 2012 at 12:46 PM, Roberto Aloi <
roberto.aloi@REDACTED> wrote:

> Hi all,
>
> reading from the Erlang doc:
>
> http://www.erlang.org/doc/man/shell.html#start_restricted-1
>
> "The shell may be started in a restricted mode. In this mode, the shell
> evaluates a function call only if allowed."
>
> Let's write a minimal module which whitelists the 'lists' module only:
>
> =====
> -module(restrict).
>
> -export([local_allowed/3, non_local_allowed/3]).
>
> -define(NON_LOCAL_ALLOWED, [lists]).
>
> local_allowed(_Cmd, _Args, State) ->
>    {false, State}.
>
> non_local_allowed({Module, _Function}, _Args, State) ->
>    {lists:member(Module, ?NON_LOCAL_ALLOWED), State}.
> =====
>
> Let's then start a restricted shell, using the above module.
>
> $ erlc restrict.erl
> $ erl -stdlib restricted_shell restrict
>
> Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:4:4] [rq:4]
> [async-threads:0] [hipe] [kernel-poll:false]
>
> Restricted Eshell V5.8.5  (abort with ^G)
>
> And let's see if it works as expected.
>
> 1> erlang:time().
> ** exception exit: restricted shell does not allow time()
>
> Cool.
>
> 2> erlang:apply(erlang, time, []).
> ** exception exit: restricted shell does not allow time()
>
> Yeah.
>
> 3> F = fun (M,F,A) -> lists:zipwith3({erlang, apply}, [M], [F], [ A ]) end.
> #Fun<erl_eval.18.59269574>
> 4> F(erlang, time, []).
> [{12,35,45}]
>
> Ooops.
>
> Please notice that I'm not the one who actually discovered this bug (or is
> it a feature?). It was actually one of the tryerlang.org users, who
> kindly informed me about this. Originally I thought this was an application
> bug, but it is not. This is more generic and it affects the restricted
> shell itself.
>
> Best regards,
>
> Roberto Aloi
> ---
> @robertoaloi
> Erlang Solutions Ltd.
> www.erlang-solutions.com
>
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://erlang.org/mailman/listinfo/erlang-bugs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20120131/69b758a0/attachment.htm>

More information about the erlang-bugs mailing list