[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

gEDA-bug: [Bug 700333] Re: Local configuration should be parsed, not evaluated

To: geda-bug@xxxxxxxx
Subject: gEDA-bug: [Bug 700333] Re: Local configuration should be parsed, not evaluated
From: Peter TB Brett <700333@xxxxxxxxxxxxxxxxxx>
Date: Thu, 13 Jan 2011 10:27:56 -0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: geda-bug@xxxxxxxx
Delivery-date: Thu, 13 Jan 2011 05:35:53 -0500
List-archive: <http://www.seul.org/pipermail/geda-bug>
List-help: <mailto:geda-bug-request@moria.seul.org?subject=help>
List-id: gEDA bug mailing list <geda-bug.moria.seul.org>
List-post: <mailto:geda-bug@moria.seul.org>
List-subscribe: <http://www.seul.org/cgi-bin/mailman/listinfo/geda-bug>, <mailto:geda-bug-request@moria.seul.org?subject=subscribe>
List-unsubscribe: <http://www.seul.org/cgi-bin/mailman/options/geda-bug>, <mailto:geda-bug-request@moria.seul.org?subject=unsubscribe>
References: <m3ei8n5u4c.fsf@xxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Bug 700333 <700333@xxxxxxxxxxxxxxxxxx>, gEDA bug mailing list <geda-bug@xxxxxxxxxxxxxx>
Sender: geda-bug-bounces@xxxxxxxxxxxxxx

Sandboxes are always difficult, if not effectively impossible, to make
completely airtight, as you must ensure that *any combination* of
functions available within the sandbox cannot lead to a breakout. In any
case, Guile does not have sandboxing support.

At the moment, I'm not particularly concerned about the actual on-disk
format used. That's very much determined by the content we want to store
in the configuration file, anyway.

I've started working on a spec for what the API should look like. You
can keep track of my progress here:

http://repo.or.cz/w/geda-gaf/peter-b.git/blob/refs/heads/config-
sys:/docs/specifications/config-api.txt

Or, if that URL gets mangled: http://goo.gl/Lcbna

Let me know if the approach seems insane.

-- 
You received this bug notification because you are a member of gEDA Bug
Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/700333

Title:
  Local configuration should be parsed, not evaluated

Status in GPL Electronic Design Automation tools:
  Confirmed

Bug description:
   affects geda
   security yes
   private no
   done

  Currently, per-directory rc files are evaluated as Scheme scripts.  This
  is an arbitrary code execution security risk.  For example, users (and
  in particular *new* users) are likely to want to download and open
  designs from elsewhere, and almost all designs include a 'gafrc' file to
  set up per-project component libraries.

  Instead of being evaluated, local configuration files should be parsed.
  This way it would be much harder to craft malicious designs.

  An example of a parsable configuration file format is the resource file
  format used by PCB.

  In addition, a tool should be developed for migrating existing designs'
  rc files to the any configuration system.




_______________________________________________
geda-bug mailing list
geda-bug@xxxxxxxxxxxxxx
http://www.seul.org/cgi-bin/mailman/listinfo/geda-bug

References:
- gEDA-bug: [Bug 700333] [NEW] Local configuration should be parsed, not evaluated
  - From: Peter TB Brett

Prev by Author: Re: gEDA-bug: [Bug 701431] Re: Export and use accessors for getting / setting object visibility
Next by Author: Re: gEDA-bug: [Bug 700333] Re: Local configuration should be parsed, not evaluated
Next by thread: gEDA-bug: [ geda-Patches-3149702 ] Fix warning on moving over menu-item without action
Index(es):
- Author
- Thread