
gEDA-bug: [Bug 700333] Re: Local configuration should be parsed, not evaluated



Sandboxes are always difficult, if not effectively impossible, to make
completely airtight, as you must ensure that *any combination* of
functions available within the sandbox cannot lead to a breakout. In any
case, Guile does not have sandboxing support.

At the moment, I'm not particularly concerned about the actual on-disk
format used. That's very much determined by the content we want to store
in the configuration file, anyway.

I've started working on a spec for what the API should look like. You
can keep track of my progress here:

http://repo.or.cz/w/geda-gaf/peter-b.git/blob/refs/heads/config-sys:/docs/specifications/config-api.txt

Or, if that URL gets mangled: http://goo.gl/Lcbna

Let me know if the approach seems insane.

-- 
https://bugs.launchpad.net/bugs/700333

Title:
  Local configuration should be parsed, not evaluated

Status in GPL Electronic Design Automation tools:
  Confirmed

Bug description:
   affects geda
   security yes
   private no
   done

  Currently, per-directory rc files are evaluated as Scheme scripts.  This
  is an arbitrary code execution security risk.  For example, users (and
  in particular *new* users) are likely to want to download and open
  designs from elsewhere, and almost all designs include a 'gafrc' file to
  set up per-project component libraries.

  Instead of being evaluated, local configuration files should be parsed.
  This way it would be much harder to craft malicious designs.

  An example of a parsable configuration file format is the resource file
  format used by PCB.

  In addition, a tool should be developed for migrating existing designs'
  rc files to the new configuration system.
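
The "parsed, not evaluated" approach from the bug description, as an added example that is not part of the original message or of gEDA's code: a reader that accepts only allowlisted directives with string-literal arguments and never hands the file to an evaluator. The allowlist contents, the sample inputs and all function names are assumptions made for this illustration.

```python
import re

# Assumption: illustrative allowlist, not the project's actual directive set.
ALLOWED = {"component-library", "source-library"}
TOKEN = re.compile(r'\s+|;[^\n]*|(?P<open>\()|(?P<close>\))'
                   r'|(?P<str>"(?:[^"\\]|\\.)*")|(?P<sym>[^\s()";]+)|(?P<bad>.)')

class ConfigError(ValueError):
    """Raised for any input outside the accepted grammar."""

def tokenize(text):
    for m in TOKEN.finditer(text):
        if m.lastgroup == "bad":  # e.g. an unterminated string
            raise ConfigError(f"unreadable input at offset {m.start()}")
        if m.lastgroup:  # whitespace and ; comments carry no group
            yield m.lastgroup, m.group()

def parse_config(text):
    """Return [(directive, [string, ...])]; nothing is ever evaluated."""
    toks, out, i = list(tokenize(text)), [], 0
    while i < len(toks):
        if toks[i][0] != "open" or i + 1 >= len(toks) or toks[i + 1][0] != "sym":
            raise ConfigError("expected '(directive ...'")
        name = toks[i + 1][1]
        if name not in ALLOWED:
            raise ConfigError(f"directive not allowed: {name}")
        i, args = i + 2, []
        while i < len(toks) and toks[i][0] == "str":
            args.append(re.sub(r"\\(.)", r"\1", toks[i][1][1:-1]))
            i += 1
        if not args or i >= len(toks) or toks[i][0] != "close":
            raise ConfigError(f"{name}: arguments must be string literals")
        out.append((name, args))
        i += 1
    return out

def check(text):
    try:
        return parse_config(text)
    except ConfigError as err:
        return f"rejected: {err}"

# Constructed sample inputs.
SAMPLE_OK = '; project libraries\n(component-library "./symbols")\n(source-library "./src")\n'
SAMPLE_NESTED = '(component-library (getenv "HOME"))'  # call used as an argument
SAMPLE_UNKNOWN = '(load "setup.scm")'                  # directive not on the allowlist

if __name__ == "__main__":
    print(*map(check, (SAMPLE_OK, SAMPLE_NESTED, SAMPLE_UNKNOWN)), sep="\n")
```

Because the grammar has no rule for nested forms or bare symbols as arguments, anything that would need evaluation is rejected at parse time rather than filtered afterwards.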



