[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
gEDA-bug: [Bug 700333] Re: Local configuration should be parsed, not evaluated
Sandboxes are always difficult, if not effectively impossible, to make
completely airtight, as you must ensure that *any combination* of
functions available within the sandbox cannot lead to a breakout. In any
case, Guile does not have sandboxing support.
At the moment, I'm not particularly concerned about the actual on-disk
format used. That's very much determined by the content we want to store
in the configuration file, anyway.
I've started working on a spec for what the API should look like. You
can keep track of my progress here:
http://repo.or.cz/w/geda-gaf/peter-b.git/blob/refs/heads/config-
sys:/docs/specifications/config-api.txt
Or, if that URL gets mangled: http://goo.gl/Lcbna
Let me know if the approach seems insane.
--
You received this bug notification because you are a member of gEDA Bug
Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/700333
Title:
Local configuration should be parsed, not evaluated
Status in GPL Electronic Design Automation tools:
Confirmed
Bug description:
affects geda
security yes
private no
done
Currently, per-directory rc files are evaluated as Scheme scripts. This
is an arbitrary code execution security risk. For example, users (and
in particular *new* users) are likely to want to download and open
designs from elsewhere, and almost all designs include a 'gafrc' file to
set up per-project component libraries.
Instead of being evaluated, local configuration files should be parsed.
This way it would be much harder to craft malicious designs.
An example of a parsable configuration file format is the resource file
format used by PCB.
In addition, a tool should be developed for migrating existing designs'
rc files to the any configuration system.
_______________________________________________
geda-bug mailing list
geda-bug@xxxxxxxxxxxxxx
http://www.seul.org/cgi-bin/mailman/listinfo/geda-bug