[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [ooni-probe/master] 13581: Avoid hacking sys.path in bin/* scripts as that is a security risk.



commit 3bad9401e657507abea23bb4d650423bad3d3845
Author: Ximin Luo <infinity0@xxxxxxxx>
Date:   Sat Jan 3 03:36:02 2015 +0100

    13581: Avoid hacking sys.path in bin/* scripts as that is a security risk.
    
    We want to run these scripts with extra capabilities, using setcap. However, if
    the end user can set PYTHONPATH, then they can feed arbitrary code into these
    scripts and give extra capabilities to that code, which we should not allow.
    
    Includes a ooniprobe-dev wrapper shell script to make things easier for
    developers running directly from the repository. The important thing is that
    this script is developer-only and *not* installed on end users' machines.
---
 bin/oonideckgen                                      |    5 -----
 bin/ooniprobe                                        |    5 -----
 bin/oonireport                                       |    7 -------
 bin/ooniresources                                    |    6 ------
 data/inputs/README                                   |   12 ++++++------
 docs/source/tests/dnsspoof.rst                       |    4 ++--
 docs/source/tests/http_header_field_manipulation.rst |    4 ++--
 docs/source/tests/http_host.rst                      |    4 ++--
 docs/source/tests/http_invalid_request_line.rst      |    4 ++--
 docs/source/tests/tcpconnect.rst                     |    4 ++--
 docs/source/tests/template.rst                       |    4 ++--
 docs/source/tests/traceroute.rst                     |    4 ++--
 ooni/nettests/experimental/chinatrigger.py           |    2 +-
 ooniprobe-dev                                        |    6 ++++++
 scripts/before_i_commit.sh                           |    2 +-
 15 files changed, 28 insertions(+), 45 deletions(-)

diff --git a/bin/oonideckgen b/bin/oonideckgen
index 017a5d8..a761349 100755
--- a/bin/oonideckgen
+++ b/bin/oonideckgen
@@ -1,11 +1,6 @@
 #!/usr/bin/env python
-import os
-import sys
 import exceptions
 
-sys.path[:] = map(os.path.abspath, sys.path)
-sys.path.insert(0, os.path.abspath(os.getcwd()))
-
 from twisted.internet import defer, reactor
 
 from ooni.utils import log
diff --git a/bin/ooniprobe b/bin/ooniprobe
index 5e277e8..31da086 100755
--- a/bin/ooniprobe
+++ b/bin/ooniprobe
@@ -1,12 +1,7 @@
 #!/usr/bin/env python
-import os, sys
 import copy_reg
 from twisted.internet import reactor
 
-# Hack to set the proper sys.path. Overcomes the export PYTHONPATH pain.
-sys.path[:] = map(os.path.abspath, sys.path)
-sys.path.insert(0, os.path.abspath(os.getcwd()))
-
 # This is a hack to overcome a bug in python
 from ooni.utils.hacks import patched_reduce_ex
 copy_reg._reduce_ex = patched_reduce_ex
diff --git a/bin/oonireport b/bin/oonireport
index 84fc80d..ee9a214 100755
--- a/bin/oonireport
+++ b/bin/oonireport
@@ -1,11 +1,4 @@
 #!/usr/bin/env python
-import os
-import sys
-import exceptions
-
-sys.path[:] = map(os.path.abspath, sys.path)
-sys.path.insert(0, os.path.abspath(os.getcwd()))
-
 from twisted.internet import defer, reactor
 
 from ooni.utils import log
diff --git a/bin/ooniresources b/bin/ooniresources
index e0123ac..1960a1d 100755
--- a/bin/ooniresources
+++ b/bin/ooniresources
@@ -1,10 +1,4 @@
 #!/usr/bin/env python
-import os
-import sys
-
-sys.path[:] = map(os.path.abspath, sys.path)
-sys.path.insert(0, os.path.abspath(os.getcwd()))
-
 from twisted.internet import defer, reactor
 
 from ooni.utils import log
diff --git a/data/inputs/README b/data/inputs/README
index 13657b1..9a55f67 100644
--- a/data/inputs/README
+++ b/data/inputs/README
@@ -3,38 +3,38 @@ the correct functionality of the various OONIProbe tests.
 
 # DNS Consistency
 
-./bin/ooniprobe -o dns_tamper_test.yamloo data/nettests/blocking/dns_consistency.py -t
+./ooniprobe-dev -o dns_tamper_test.yamloo data/nettests/blocking/dns_consistency.py -t
 example_inputs/dns_tamper_test_resolvers.txt -f example_inputs/dns_tamper_file.txt
 
 less dns_tamper_test.yamloo
 
 # Captive Portal
 
-./bin/ooniprobe -o captive_portal_test.yamloo data/nettests/core/captiveportal.py
+./ooniprobe-dev -o captive_portal_test.yamloo data/nettests/core/captiveportal.py
 
 less captive_portal_test.yamloo
 
 # HTTP Host
 
-./bin/ooniprobe -o http_host.yamloo data/nettests/manipulation/http_host.py -b http://ooni.nu/test -f example_inputs/http_host_file.txt
+./ooniprobe-dev -o http_host.yamloo data/nettests/manipulation/http_host.py -b http://ooni.nu/test -f example_inputs/http_host_file.txt
 
 less http_host.yamloo
 
 # Keyword filtering
 
-./bin/ooniprobe -o keyword_filtering.yamloo data/nettests/core/keyword_filtering.py -b http://ooni.nu/test/ -f test_inputs/keyword_filtering_file.txt
+./ooniprobe-dev -o keyword_filtering.yamloo data/nettests/core/keyword_filtering.py -b http://ooni.nu/test/ -f test_inputs/keyword_filtering_file.txt
 
 less keyword_filtering.yamloo
 
 # URL List
 
-./bin/ooniprobe -o url_lists.yamloo data/nettests/core/url_list.py -f test_inputs/url_lists_file.txt
+./ooniprobe-dev -o url_lists.yamloo data/nettests/core/url_list.py -f test_inputs/url_lists_file.txt
 
 less url_lists.yamloo
 
 # Squid transparent proxy
 
-./bin/ooniprobe -o squid.yamloo data/nettests/core/squid.py
+./ooniprobe-dev -o squid.yamloo data/nettests/core/squid.py
 
 less squid.yamloo
 
diff --git a/docs/source/tests/dnsspoof.rst b/docs/source/tests/dnsspoof.rst
index 21c9cb4..44f372b 100644
--- a/docs/source/tests/dnsspoof.rst
+++ b/docs/source/tests/dnsspoof.rst
@@ -21,7 +21,7 @@ This test performs A queries to a test resolver and a known good control resolve
 How to run the test
 ===================
 
-`./bin/ooniprobe nettests/manipulation/dns_spoof.py [-s] [-k] [-i] -r <test resolver> -h <hostname> -b IP:PORT`
+`ooniprobe nettests/manipulation/dns_spoof.py [-s] [-k] [-i] -r <test resolver> -h <hostname> -b IP:PORT`
 
 *test resolver* is a single test resolver (IP address).
 *hostname* is the hostname to query.
@@ -35,7 +35,7 @@ Sample report
 =============
 
 From running:
-`./bin/ooniprobe nettests/manipulation/dns_spoof.py -h torproject.org -r 4.2.2.2:53`
+`ooniprobe nettests/manipulation/dns_spoof.py -h torproject.org -r 4.2.2.2:53`
 
 ::
 
diff --git a/docs/source/tests/http_header_field_manipulation.rst b/docs/source/tests/http_header_field_manipulation.rst
index f51b609..b6a0a8c 100644
--- a/docs/source/tests/http_header_field_manipulation.rst
+++ b/docs/source/tests/http_header_field_manipulation.rst
@@ -23,14 +23,14 @@ detected tampering.
 How to run the test
 ===================
 
-`./bin/ooniprobe nettests/manipulation/http_header_field_manipulation.py -b <address of backend> [-h <headers>]`
+`ooniprobe nettests/manipulation/http_header_field_manipulation.py -b <address of backend> [-h <headers>]`
 `address of backend` is the IP:PORT of the SimpleHTTPChannel backend.
 
 Sample report
 =============
 
 From running:
-`./bin/ooniprobe nettests/manipulation/http_header_field_manipulation.py`
+`ooniprobe nettests/manipulation/http_header_field_manipulation.py`
 If no backend is specified, the default backend is 127.0.0.1:57001, where you will need to have oonib listening.
 
 ::
diff --git a/docs/source/tests/http_host.rst b/docs/source/tests/http_host.rst
index 7843344..bc78dda 100644
--- a/docs/source/tests/http_host.rst
+++ b/docs/source/tests/http_host.rst
@@ -39,7 +39,7 @@ test.
 How to run the test
 ===================
 
-`./bin/ooniprobe nettest/core/http_host.py -f <input file> -b <backend url> -c <content>`
+`ooniprobe nettest/core/http_host.py -f <input file> -b <backend url> -c <content>`
 
 *input_file* is a file containing the hostnames to check for censorship one per line.
 
@@ -55,7 +55,7 @@ Sample report
 =============
 
 From running:
-`./bin/ooniprobe nettests/core/http_host.py`
+`ooniprobe nettests/core/http_host.py`
 
 ::
 
diff --git a/docs/source/tests/http_invalid_request_line.rst b/docs/source/tests/http_invalid_request_line.rst
index f1246c4..939b0cf 100644
--- a/docs/source/tests/http_invalid_request_line.rst
+++ b/docs/source/tests/http_invalid_request_line.rst
@@ -81,7 +81,7 @@ is usually being split on the `.`.
 How to run the test
 ===================
 
-`./bin/ooniprobe nettests/manipulation/http_invalid_request_line.py -b <address of backend>`
+`ooniprobe nettests/manipulation/http_invalid_request_line.py -b <address of backend>`
 
 *address of the backend* is the hostname or IP address of a backend that runs
 a TCP echo server on port 80.
@@ -91,7 +91,7 @@ Sample report
 
 From running:
 
-`./bin/ooniprobe nettests/manipulation/http_invalid_request_line.py -b 127.0.0.1 -p 57002`
+`ooniprobe nettests/manipulation/http_invalid_request_line.py -b 127.0.0.1 -p 57002`
 
 ::
 
diff --git a/docs/source/tests/tcpconnect.rst b/docs/source/tests/tcpconnect.rst
index 2eadc11..1f1e082 100644
--- a/docs/source/tests/tcpconnect.rst
+++ b/docs/source/tests/tcpconnect.rst
@@ -28,7 +28,7 @@ If the connection succeeds the test will report "success".
 How to run the test
 ===================
 
-`./bin/ooniprobe nettests/core/tcpconnect.py -f <input file>`
+`ooniprobe nettests/core/tcpconnect.py -f <input file>`
 
 *input file* a list of IP:PORT pairs to perform TCP connections to.
 
@@ -36,7 +36,7 @@ Sample report
 =============
 
 From running:
-`./bin/ooniprobe nettests/core/tcpconnect.py -f <input file>`
+`ooniprobe nettests/core/tcpconnect.py -f <input file>`
 
 ::
 
diff --git a/docs/source/tests/template.rst b/docs/source/tests/template.rst
index 62b3895..02b365d 100644
--- a/docs/source/tests/template.rst
+++ b/docs/source/tests/template.rst
@@ -20,13 +20,13 @@ Description
 How to run the test
 ===================
 
-`./bin/ooniprobe nettests/core/my_test_name.py`
+`ooniprobe nettests/core/my_test_name.py`
 
 Sample report
 =============
 
 From running:
-`./bin/ooniprobe nettests/core/my_test_name.py`
+`ooniprobe nettests/core/my_test_name.py`
 
 ::
 
diff --git a/docs/source/tests/traceroute.rst b/docs/source/tests/traceroute.rst
index 8532890..021bf2b 100644
--- a/docs/source/tests/traceroute.rst
+++ b/docs/source/tests/traceroute.rst
@@ -47,7 +47,7 @@ received a TTL expired from a router in a certain network range.
 How to run the test
 ===================
 
-`./bin/ooniprobe nettests/manipulation/traceroute.py -b <backend ip>``
+`ooniprobe nettests/manipulation/traceroute.py -b <backend ip>``
 
 *backend ip* is the IP address of the backend to traceroute to
 
@@ -56,7 +56,7 @@ Sample report
 
 From running:
 
-`./bin/ooniprobe nettests/core/traceroute.py -b 8.8.8.8`
+`ooniprobe nettests/core/traceroute.py -b 8.8.8.8`
 
 ::
 
diff --git a/ooni/nettests/experimental/chinatrigger.py b/ooni/nettests/experimental/chinatrigger.py
index de1f64d..dfc2f73 100644
--- a/ooni/nettests/experimental/chinatrigger.py
+++ b/ooni/nettests/experimental/chinatrigger.py
@@ -17,7 +17,7 @@ class ChinaTriggerTest(BaseScapyTest):
     by Philipp Winter to engage chinese probes in active scanning.
 
     Example of running it:
-    ./bin/ooniprobe chinatrigger -d 127.0.0.1 -p 8080
+    ooniprobe chinatrigger -d 127.0.0.1 -p 8080
     """
 
     name = "chinatrigger"
diff --git a/ooniprobe-dev b/ooniprobe-dev
new file mode 100755
index 0000000..e0d5abb
--- /dev/null
+++ b/ooniprobe-dev
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Developer script for running ooniprobe directly from the repository.
+# We don't automatically add "$PWD" to PYTHONPATH as that is a security risk
+# when run as /usr/bin/ooniprobe on an end user's computer.
+cd "$(realpath "$(dirname "$0")")"
+PYTHONPATH="$PWD" exec ./bin/ooniprobe
diff --git a/scripts/before_i_commit.sh b/scripts/before_i_commit.sh
index 918b137..8aca1fa 100755
--- a/scripts/before_i_commit.sh
+++ b/scripts/before_i_commit.sh
@@ -28,7 +28,7 @@ else
   echo "Assuming that your virtual environment is pre-configured...";
 fi
 
-./bin/ooniprobe -i decks/before_i_commit.testdeck
+./ooniprobe-dev -i decks/before_i_commit.testdeck
 
 echo "Below you should not see anything"
 echo "---------------------------------"



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits