authorMike Frysinger <vapier@chromium.org>2018-09-17 19:19:15 -0400
committerMike Frysinger <vapier@gentoo.org>2018-09-17 19:23:35 -0400
commite490601874fe785c7632e6571a3a1d8f43404622 (patch)
tree3293daa43f9bfecd5dfb43a533ccc4e2c5a5926d /sys-devel/bc/files
parentdev-libs/libressl-2.6.5: ppc64 stable, bug 658158 (diff)
sys-devel/bc: add support for --sandbox & USE=forced-sandbox
The dc tool has an ! command which allows for arbitrary system() calls which is not ideal for processing arbitrary user scripts. First add support for a --sandbox flag at runtime (like sed/gawk gnu tools), then add a USE=forced-sandbox option so people can lock it down. The patches have been sent to upstream, but considering how slow the bc project tends to move, and their lack of a project site/git repo, going to merge this now and just wait for upstream feedback.
Diffstat (limited to 'sys-devel/bc/files')
-rw-r--r--sys-devel/bc/files/bc-1.07.1-sandbox.patch121
1 files changed, 121 insertions, 0 deletions
diff --git a/sys-devel/bc/files/bc-1.07.1-sandbox.patch b/sys-devel/bc/files/bc-1.07.1-sandbox.patch
new file mode 100644
index 00000000000..ec5c406645b
--- /dev/null
+++ b/sys-devel/bc/files/bc-1.07.1-sandbox.patch
@@ -0,0 +1,121 @@
+this has been sent upstream, but they don't have a mailing list or project site
+to link to. oh well.
+
+From e641584767c3c7cc1ff544805acc2562fc56cda9 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@chromium.org>
+Date: Mon, 17 Sep 2018 18:57:57 -0400
+Subject: [PATCH 1/2] dc: add a --sandbox option
+
+Other GNU projects (like sed & gawk) have a --sandbox flag whereby
+access to files and system() are disabled. This allows people to
+run arbitrary scripts without worrying about them "escaping" and
+executing arbitrary commands on the system.
+---
+ dc/dc.c | 9 ++++++++-
+ dc/dc.h | 3 +++
+ dc/misc.c | 6 ++++++
+ doc/dc.1 | 5 +++++
+ doc/dc.texi | 4 ++++
+ 5 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/dc/dc.c b/dc/dc.c
+index 6a2bb2639235..592a76be71da 100644
+--- a/dc/dc.c
++++ b/dc/dc.c
+@@ -54,6 +54,7 @@
+ #endif
+
+ const char *progname; /* basename of program invocation */
++int dc_sandbox_enabled; /* whether sandbox mode is enabled */
+
+ static void
+ bug_report_info DC_DECLVOID()
+@@ -80,6 +81,7 @@ usage DC_DECLARG((f))
+ Usage: %s [OPTION] [file ...]\n\
+ -e, --expression=EXPR evaluate expression\n\
+ -f, --file=FILE evaluate contents of file\n\
++ -S, --sandbox disable the ! (system) command\n\
+ -h, --help display this help and exit\n\
+ -V, --version output version information and exit\n\
+ \n\
+@@ -252,6 +254,7 @@ main DC_DECLARG((argc, argv))
+ static struct option const long_opts[] = {
+ {"expression", required_argument, NULL, 'e'},
+ {"file", required_argument, NULL, 'f'},
++ {"sandbox", no_argument, NULL, 'S'},
+ {"help", no_argument, NULL, 'h'},
+ {"version", no_argument, NULL, 'V'},
+ {NULL, 0, NULL, 0}
+@@ -260,12 +263,13 @@ main DC_DECLARG((argc, argv))
+ int c;
+
+ progname = r1bindex(*argv, '/');
++ dc_sandbox_enabled = 0;
+ dc_math_init();
+ dc_string_init();
+ dc_register_init();
+ dc_array_init();
+
+- while ((c = getopt_long(argc, argv, "hVe:f:", long_opts, (int *)0)) != EOF) {
++ while ((c = getopt_long(argc, argv, "hVe:f:S", long_opts, (int *)0)) != EOF) {
+ switch (c) {
+ case 'e':
+ { dc_data string = dc_makestring(optarg, strlen(optarg));
+@@ -279,6 +283,9 @@ main DC_DECLARG((argc, argv))
+ try_file(optarg);
+ did_eval = 1;
+ break;
++ case 'S':
++ dc_sandbox_enabled = 1;
++ break;
+ case 'h':
+ usage(stdout);
+ return flush_okay();
+diff --git a/dc/dc.h b/dc/dc.h
+index 6a871ad612a5..a148df467a92 100644
+--- a/dc/dc.h
++++ b/dc/dc.h
+@@ -76,4 +76,7 @@ typedef struct {
+ /* This is dc's only global variable: */
+ extern const char *progname; /* basename of program invocation */
+
++/* Whether to run in sandbox mode. */
++extern int dc_sandbox_enabled;
++
+ #endif /* not DC_DEFS_H */
+diff --git a/dc/misc.c b/dc/misc.c
+index cd23602fce32..115be90b03bf 100644
+--- a/dc/misc.c
++++ b/dc/misc.c
+@@ -131,6 +131,12 @@ dc_system DC_DECLARG((s))
+ char *tmpstr;
+ size_t len;
+
++ if (dc_sandbox_enabled) {
++ fprintf(stderr, "%s: ! command disabled in sandbox mode\n",
++ progname);
++ exit(EXIT_FAILURE);
++ }
++
+ p = strchr(s, '\n');
+ if (p != NULL) {
+ len = (size_t) (p - s);
+diff --git a/doc/dc.1 b/doc/dc.1
+index 1c666493e00a..7c4b6fffd616 100644
+--- a/doc/dc.1
++++ b/doc/dc.1
+@@ -84,6 +84,11 @@ to the set of commands to be run while processing the input.
+ Add the commands contained in the file
+ .I script-file
+ to the set of commands to be run while processing the input.
++.TP
++.B -S
++.TP
++.B --sandbox
++Run in sandbox mode where access to \fB!\fR for the system function.
+ .PP
+ If any command-line parameters remain after processing the above,
+ these parameters are interpreted as the names of input files to
+--
+2.17.1
+
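Review bot: The new `case 'S':` in dc/dc.c sets `dc_sandbox_enabled` only when getopt reaches it, while the `-e` and `-f` cases in the same loop appear to evaluate their argument on the spot (`try_file(optarg)` sits directly above the new case). An invocation that lists `-S` after a script, such as `dc -f script -S`, would therefore presumably run that script with `!` still enabled. Either pre-scan the arguments for the flag before the evaluating loop, or state the ordering requirement in the usage text and man page, for example `-S, --sandbox disable the ! (system) command; must precede -e/-f`. Separately, the doc/dc.1 sentence is incomplete and should read `Run in sandbox mode, where the \fB!\fR (system) command is disabled.` The body of `main` extends outside the quoted hunks, so the immediate evaluation of `-e` should be confirmed against the full file.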