path: root/sys-devel/bc/files/bc-1.07.1-sandbox.patch
blob: ec5c406645b2d2a2c85deb8e65b85e478cc0d826 (plain)
this has been sent upstream, but they don't have a mailing list or project site
to link to.  oh well.

From e641584767c3c7cc1ff544805acc2562fc56cda9 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@chromium.org>
Date: Mon, 17 Sep 2018 18:57:57 -0400
Subject: [PATCH 1/2] dc: add a --sandbox option

Other GNU projects (like sed & gawk) have a --sandbox flag whereby
access to files and system() are disabled.  This allows people to
run arbitrary scripts without worrying about them "escaping" and
executing arbitrary commands on the system.
---
 dc/dc.c     | 9 ++++++++-
 dc/dc.h     | 3 +++
 dc/misc.c   | 6 ++++++
 doc/dc.1    | 5 +++++
 doc/dc.texi | 4 ++++
 5 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/dc/dc.c b/dc/dc.c
index 6a2bb2639235..592a76be71da 100644
--- a/dc/dc.c
+++ b/dc/dc.c
@@ -54,6 +54,7 @@
 #endif
 
 const char *progname;	/* basename of program invocation */
+int dc_sandbox_enabled;	/* whether sandbox mode is enabled */
 
 static void
 bug_report_info DC_DECLVOID()
@@ -80,6 +81,7 @@ usage DC_DECLARG((f))
 Usage: %s [OPTION] [file ...]\n\
   -e, --expression=EXPR    evaluate expression\n\
   -f, --file=FILE          evaluate contents of file\n\
+  -S, --sandbox            disable the ! (system) command\n\
   -h, --help               display this help and exit\n\
   -V, --version            output version information and exit\n\
 \n\
@@ -252,6 +254,7 @@ main DC_DECLARG((argc, argv))
 	static struct option const long_opts[] = {
 		{"expression", required_argument, NULL, 'e'},
 		{"file", required_argument, NULL, 'f'},
+		{"sandbox", no_argument, NULL, 'S'},
 		{"help", no_argument, NULL, 'h'},
 		{"version", no_argument, NULL, 'V'},
 		{NULL, 0, NULL, 0}
@@ -260,12 +263,13 @@ main DC_DECLARG((argc, argv))
 	int c;
 
 	progname = r1bindex(*argv, '/');
+	dc_sandbox_enabled = 0;
 	dc_math_init();
 	dc_string_init();
 	dc_register_init();
 	dc_array_init();
 
-	while ((c = getopt_long(argc, argv, "hVe:f:", long_opts, (int *)0)) != EOF) {
+	while ((c = getopt_long(argc, argv, "hVe:f:S", long_opts, (int *)0)) != EOF) {
 		switch (c) {
 		case 'e':
 			{	dc_data string = dc_makestring(optarg, strlen(optarg));
@@ -279,6 +283,9 @@ main DC_DECLARG((argc, argv))
 			try_file(optarg);
 			did_eval = 1;
 			break;
+		case 'S':
+			dc_sandbox_enabled = 1;
+			break;
 		case 'h':
 			usage(stdout);
 			return flush_okay();
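Review bot: `-S` only protects input evaluated after it is parsed, because this loop runs `-e` and `-f` arguments as they are encountered (`try_file(optarg)` in `case 'f'` here, and the `case 'e'` block that starts in the previous hunk). An invocation that places `-e EXPR` or `-f FILE` before `-S` therefore evaluates that input with `dc_sandbox_enabled` still 0. Either make a first pass over the options that only looks for `-S`/`--sandbox` before anything is evaluated, or state the ordering requirement in the usage text and man page, for example `-S, --sandbox            disable the ! (system) command; must precede -e/-f`. The explicit `dc_sandbox_enabled = 0;` in the previous hunk is redundant for a file-scope `int`, though harmless. main's body starts and ends outside these hunks.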
diff --git a/dc/dc.h b/dc/dc.h
index 6a871ad612a5..a148df467a92 100644
--- a/dc/dc.h
+++ b/dc/dc.h
@@ -76,4 +76,7 @@ typedef struct {
 /* This is dc's only global variable: */
 extern const char *progname;	/* basename of program invocation */
 
+/* Whether to run in sandbox mode. */
+extern int dc_sandbox_enabled;
+
 #endif /* not DC_DEFS_H */
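Review bot: The context comment `/* This is dc's only global variable: */` above `progname` is no longer true once `dc_sandbox_enabled` is declared next to it, and should be reworded, e.g. `/* dc's global variables: */`. The new comment could also say what the flag controls and who sets it, since that is the security-relevant contract: `/* Nonzero once -S/--sandbox has been parsed; dc_system() then refuses the ! command. */`.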
diff --git a/dc/misc.c b/dc/misc.c
index cd23602fce32..115be90b03bf 100644
--- a/dc/misc.c
+++ b/dc/misc.c
@@ -131,6 +131,12 @@ dc_system DC_DECLARG((s))
 	char *tmpstr;
 	size_t len;
 
+	if (dc_sandbox_enabled) {
+		fprintf(stderr, "%s: ! command disabled in sandbox mode\n",
+				progname);
+		exit(EXIT_FAILURE);
+	}
+
 	p = strchr(s, '\n');
 	if (p != NULL) {
 		len = (size_t) (p - s);
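Review bot: The sandbox guard at the top of dc_system has no comment recording that it is meant to fail closed, ending the process rather than skipping the command and continuing the script. Something like `/* Sandbox: refuse before touching s, and exit so the script cannot continue past a blocked ! */` would keep a later change from weakening it to a warning. From this hunk the guard appears to be the only enforcement point, so any other path that spawns a process would need the same check; that cannot be confirmed here because dc_system's body continues outside the hunk.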
diff --git a/doc/dc.1 b/doc/dc.1
index 1c666493e00a..7c4b6fffd616 100644
--- a/doc/dc.1
+++ b/doc/dc.1
@@ -84,6 +84,11 @@ to the set of commands to be run while processing the input.
 Add the commands contained in the file
 .I script-file
 to the set of commands to be run while processing the input.
+.TP
+.B -S
+.TP
+.B --sandbox
+Run in sandbox mode where access to \fB!\fR for the system function.
 .PP
 If any command-line parameters remain after processing the above,
 these parameters are interpreted as the names of input files to
-- 
2.17.1