erlc safety

Richard Carlsson richardc@REDACTED
Thu May 4 09:11:18 CEST 2006


orbitz@REDACTED wrote:
> I am considering offering a webform for people to submit their code and 
> run it through erlc and output any compilation errors or if it was 
> successful.  What do I need to worry about in terms of sandboxing?  I 
> think the biggest security risk is -include.  -include("/etc/passwd") or 
> something like that.  What should my concerns be? Are there solutions to 
> these problems?

Also note that code containing '-compile({parse_transform, foo}).' will
run foo:parse_transform(Forms, Options) as a compiler stage. If previous
compilation results (.beam object files) are not being cleaned out, a
simple attack would be to first upload foo.erl for compilation, which
contains a parse_transform/2 function (that does some arbitrarily nasty
stuff if it is executed), and then later upload a module bar.erl which
contains -compile({parse_transform, foo}). The same applies if you are
allowed to compile several modules in a batch; just get the parse
transform module compiled first, and you're in. To avoid this, you have
to make sure that if .beam files are produced, they will not be in the
path when the compiler is running, or alternatively run the compiler
without producing .beam files (see the compiler documentation).

	/Richard
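One way to pre-screen a submission for the two directives raised in this thread and then compile it without emitting a .beam file, as an added example that is not code from the original posts. The module name `submit_check` and its functions are hypothetical, the sample submissions are constructed, and the check is deliberately strict: it refuses the atom `parse_transform` wherever it appears.

```erlang
%% Added example; module and function names are hypothetical.
-module(submit_check).
-export([check/1, validate/1, demo/0]).

%% Tokenise untrusted source (no preprocessing, so nothing is included or
%% executed) and report the directives discussed in the thread.
check(Source) ->
    case erl_scan:string(Source) of
        {ok, Tokens, _End} ->
            case lists:flatmap(fun flag/1, forms(Tokens, [], [])) of
                [] -> ok;
                Hits -> {rejected, Hits}
            end;
        {error, _Info, _Loc} ->
            {error, scan_failed}
    end.

%% Split the token stream into forms; a form ends at a 'dot' token.
forms([], Cur, Acc) -> lists:reverse([lists:reverse(Cur) | Acc]);
forms([{dot, _} | Rest], Cur, Acc) -> forms(Rest, [], [lists:reverse(Cur) | Acc]);
forms([T | Rest], Cur, Acc) -> forms(Rest, [T | Cur], Acc).

%% Refuse every include directive: the path is chosen by the submitter.
flag([{'-', _}, {atom, _, Inc} = T | _]) when Inc =:= include; Inc =:= include_lib ->
    [{Inc, erl_scan:line(T)}];
%% Refuse the atom parse_transform anywhere else, so it cannot reach a
%% -compile attribute directly or through a -define. Deliberately strict.
flag(Form) ->
    [{parse_transform, erl_scan:line(T)} || {atom, _, parse_transform} = T <- Form].

%% Compile an accepted file with strong_validation, which generates no
%% code, so no .beam from one submission is left for a later one to load.
validate(Path) ->
    {ok, Bin} = file:read_file(Path),
    case check(binary_to_list(Bin)) of
        ok -> compile:file(Path, [strong_validation, return]);
        Refused -> Refused
    end.

%% Constructed sample submissions.
demo() ->
    Bad = "-module(bar).\n-compile({parse_transform, foo}).\n"
          "-include(\"/etc/passwd\").\n",
    Good = "-module(ok).\n-export([f/0]).\nf() -> 1.\n",
    {check(Bad), check(Good)}.
```

A scan like this is a pre-filter only; keeping earlier compilation results out of the code path, as described above, is still what stops a parse transform from being loaded.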



