nanog mailing list archives
Re: Programmers with network engineering skills
From: Jimmy Hess <mysidia () gmail com>
Date: Fri, 16 Mar 2012 22:20:00 -0500
On Tue, Mar 13, 2012 at 8:41 AM, Joe Greco <jgreco () ns sol net> wrote:
box with a semicolon.Only if you don't properly quote/escape the arguments you are passing.
You're going to run into a big mess when trying to combine the rules for escaping e-mail addresses that contain special characters with the shell-specifc rules for escaping when invoking system. When invoking system() you may need different logic for safe execution when the user's shell is /bin/bash than when it's /bin/zsh.
That's a great theory that's been a disaster in practice, as "properly" is difficult and mistakes often turn into exploits.
The disaster in practice is invoking system() with user provided data into a shell that interprets special characters. The semantics of system() are not your end user's problem. It's a similar disaster to attempting to embed a SQL query into an application, but failing to utilize named parameters for untrusted user inputs -- again, the SQL language is not your end user's problem, Just because ";" "--", "/*" or "DROP" may have special meaning to SQL, does not mean strings that contain these patterns won't be part of a legitimate e-mail address. If you must execute a program to validate an e-mail address from its parameters, make sure to range check the length, fork, and exec(), preferably after chroot()'ing to an unwritable path and setuid'ing to an unprivileged GID, UID, and EUID, after fwapping yourself for not passing a file descriptor to the child process in order to exchange the e-mail address data, and as a result of this -- you made potentially private data available to anyone who happens to enter the right 'ps' command and see command line arguments at the moment an address is being validated. -- -JH
Current thread:
- Re: Programmers with network engineering skills, (continued)
- Re: Programmers with network engineering skills Keegan Holley (Mar 12)
- Re: Programmers with network engineering skills Owen DeLong (Mar 12)
- Re: Programmers with network engineering skills Michael Thomas (Mar 12)
- Re: Programmers with network engineering skills William Herrin (Mar 12)
- Re: Programmers with network engineering skills Owen DeLong (Mar 12)
- Re: Programmers with network engineering skills Jeroen van Aart (Mar 12)
- Re: Programmers with network engineering skills Owen DeLong (Mar 12)
- Re: Programmers with network engineering skills Joe Greco (Mar 12)
- Re: Programmers with network engineering skills Mark Andrews (Mar 12)
- Re: Programmers with network engineering skills Joe Greco (Mar 13)
- Re: Programmers with network engineering skills Jimmy Hess (Mar 16)
- Re: Programmers with network engineering skills Jeroen van Aart (Mar 12)
- Re: Programmers with network engineering skills Aled Morris (Mar 13)
- Re: Programmers with network engineering skills Joe Greco (Mar 13)
- Re: Programmers with network engineering skills Steve Bertrand (Mar 13)
- Re: Programmers with network engineering skills Jeroen van Aart (Mar 16)
- Re: Programmers with network engineering skills Keegan Holley (Mar 12)
- Re: Programmers with network engineering skills Paul Graydon (Mar 12)
- Re: Programmers with network engineering skills Owen DeLong (Mar 12)
- Re: Programmers with network engineering skills Carlos Martinez-Cagnazzo (Mar 13)
- Email Integration / Account Migration Mike Rae (Mar 13)