erlc safety

orbitz@REDACTED orbitz@REDACTED
Thu May 4 12:04:28 CEST 2006


Well, files will not be given a name the user can choose.  The files
will be stored in a mnesia database, given a temporary name for
compilation and then deleted.  .beam files will also be destroyed
upon compilation (in theory).
What about some sort of sanitation function I could run on the file
prior to compilation?  Is this too easy to exploit to even bother?

On May 4, 2006, at 3:11 AM, Richard Carlsson wrote:

> orbitz@REDACTED wrote:
>> I am considering offering a webform for people to submit their code
>> and run it through erlc and output any compilation errors or if it
>> was successful.  What do I need to worry about in terms of
>> sandboxing?  I think the biggest security risk is -include.
>> -include("/etc/passwd") or something like that.  What should my
>> concerns be? Are there solutions to these problems?
>
> Also note that code containing '-compile({parse_transform, foo}).' will
> run foo:parse_transform(Forms, Options) as a compiler stage. If previous
> compilation results (.beam object files) are not being cleaned out, a
> simple attack would be to first upload foo.erl for compilation, which
> contains a parse_transform/2 function (that does some arbitrarily nasty
> stuff if it is executed), and then later upload a module bar.erl which
> contains -compile({parse_transform, foo}). The same applies if you are
> allowed to compile several modules in a batch; just get the parse
> transform module compiled first, and you're in. To avoid this, you have
> to make sure that if .beam files are produced, they will not be in the
> path when the compiler is running, or alternatively run the compiler
> without producing .beam files (see the compiler documentation).
>
> 	/Richard
>
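
One way to combine the two ideas in this thread, a pre-compilation check and compiling without producing .beam files, shown as an added example that is not code from either poster. The module `submit_check`, its functions, the `sub_` file naming and the sample submissions are hypothetical; `WorkDir` is assumed to be a fresh directory that is not on the code path.

```erlang
%% Added example; module, function and file names are hypothetical.
-module(submit_check).
-export([scan/1, check/2, demo/1]).

%% Atoms that get a submission refused. Matching the atom anywhere in the
%% token stream (not only at the start of a form) also catches it when it
%% is hidden inside a -define and reaches -compile through a macro. The
%% price is false positives on code that merely uses these atoms.
-define(BANNED, [include, include_lib, parse_transform]).

%% scan(Source) -> ok | {rejected, [{Line, Atom}]} | {scan_error, Info}
scan(Source) when is_list(Source) ->
    case erl_scan:string(Source) of
        {ok, Tokens, _EndLoc} ->
            Hits = [{erl_scan:line(T), A} || {atom, _, A} = T <- Tokens,
                                             lists:member(A, ?BANNED)],
            case Hits of [] -> ok; _ -> {rejected, Hits} end;
        {error, Info, _Loc} ->
            {scan_error, Info}
    end.

%% Compile only what passed scan/1, under a throwaway name in WorkDir.
%% strong_validation runs the compiler passes without generating code, so no
%% .beam is left behind for a later submission to name as a parse transform.
check(Source, WorkDir) ->
    case scan(Source) of
        ok ->
            Name = "sub_" ++ integer_to_list(erlang:unique_integer([positive])),
            Path = filename:join(WorkDir, Name ++ ".erl"),
            Opts = [strong_validation, return, no_error_module_mismatch],
            ok = file:write_file(Path, unicode:characters_to_binary(Source)),
            try compile:file(Path, Opts) of
                {ok, _Mod}           -> {ok, []};
                {ok, _Mod, Warnings} -> {ok, Warnings};
                {error, Errs, Warns} -> {compile_error, Errs, Warns};
                error                -> {compile_error, [], []}
            after
                file:delete(Path)
            end;
        Refused ->
            Refused
    end.

%% Constructed sample submissions, mirroring the two cases in the thread.
demo(WorkDir) ->
    Clean = "-module(ok_mod).\n-export([f/0]).\nf() -> 1.\n",
    Inc   = "-module(a).\n-include(\"/etc/passwd\").\n",
    PT    = "-module(bar).\n-define(OPT, {parse_transform, foo}).\n"
            "-compile(?OPT).\n",
    [check(S, WorkDir) || S <- [Clean, Inc, PT]].
```

The token check only covers the two attributes named in the thread; it does not replace running the compiler as an unprivileged user in an isolated directory.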
