Comments (5)
Relevant crate: https://github.com/sfackler/shell-escape
from modus.
I am still a bit concerned about the use of shell-escaping, because such tools do not provide any correctness guarantees. As a result, (1) the language semantics is not well-defined (we cannot guarantee that an arbitrary command will be executed the way it is typed), (2) we open opportunities for shell injection attacks.
I suggest thinking more about what we can do to avoid these problems. For example, if there is a way to set environment variables, we can use `cp "$SOURCE" "$DESTINATION"` (although this will pollute the environment of the spawned shell process). We can also consider reading the arguments from temporary files and passing them using command substitution, e.g. `` cp "`cat /tmp/source.txt`" "`cat /tmp/destination.txt`" ``.
from modus.
I thought about this as well, and I don't like relying on escaping either.
About the first approach: the only problem I can see is that there is a limit to the combined size of environment variables. Although it is quite large (128 KB on Linux), it could still cause problems if the user has a long "run" script, or if the parent image already contains tons of env vars.
I like the second approach a bit more (we are already using temporary mounts to implement copy so no problem just adding some temporary text files as well). Also polluting the file system feels a bit "better" than polluting env vars.
As to shell injection attacks - all these scripts are run inside the container it's building, and if you want to inject some shell commands you could already just use `run` normally.
from modus.
@maowtm, ok, your plan sounds good.
Regarding shell injection, imagine the following situation: a user of Modus wrote a Modusfile that accepts a file path as an argument of an image predicate. The user exposes this argument through a web service, accepting untrusted inputs under the assumption that file paths inside their container are all safe. If we use the shell escaping approach, this will make the service vulnerable to shell injection.
from modus.
(shell escape initially)
from modus.
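The two alternatives to escaping proposed in the comments above, written out as an added example (not code from the thread or from Modus). The function names, the `ARGDIR` variable and the sample file name are constructed for illustration; in both functions the script text handed to `sh -c` is a fixed literal and the operands travel only as data.

```shell
#!/bin/sh
# Approach 1: environment variables. "$SOURCE" expands to exactly one word
# and its contents are never re-parsed as shell syntax.
copy_via_env() {
    SOURCE="$1" DESTINATION="$2" sh -c 'cp -- "$SOURCE" "$DESTINATION"'
}

# Approach 2: temporary files read back with command substitution.
# Caveat: command substitution strips trailing newlines from the value.
# ARGDIR (hypothetical name) only locates the files created here.
copy_via_files() {
    argdir=$(mktemp -d) || return 1
    printf '%s' "$1" > "$argdir/source.txt"
    printf '%s' "$2" > "$argdir/destination.txt"
    ARGDIR="$argdir" sh -c \
        'cp -- "$(cat "$ARGDIR/source.txt")" "$(cat "$ARGDIR/destination.txt")"'
    rc=$?
    rm -rf "$argdir"
    return "$rc"
}

# Constructed check: a file name full of shell metacharacters must be copied
# verbatim and must not cause a file called "marker" to appear.
run_demo() (
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1
    name='a b; touch marker; $(touch marker) `touch marker` "q" '\''s'\''.txt'
    printf 'payload\n' > "$name"
    copy_via_env "$name" "$work/out_env" || exit 1
    copy_via_files "$name" "$work/out_files" || exit 1
    result=ok
    [ "$(cat out_env)" = "payload" ] || result=fail
    [ "$(cat out_files)" = "payload" ] || result=fail
    [ ! -e marker ] || result=fail
    cd / && rm -rf "$work"
    [ "$result" = ok ]
)
```

Calling `run_demo` returns 0 when both copies match the original and no `marker` file was created.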