- Subject: Sandbox implementation, attempt #2
- From: "David F" <kumpuu@...>
- Date: Sun, 19 Mar 2017 02:56:17 +0100
On 19/03/17 02:27 AM, Kat Kioo wrote:
>In general you should just remove the functions at compile time instead of removing at runtime in the vm. Another thing that you might consider a security issue is your makesafeph function. In general it is not as simple as a few regex replaces.
Not really sure how to imagine the first part. Sounds complicated.
makeSafePath does not use regex. It checks for a relative path that escapes its parent directory (".."); if it doesn't, the user dir is prefixed and the result returned. I tried finding out if there is anything else special going on with paths under Windows, but the best I could find was an MSDN article that didn't reveal anything new. When fed with an absolute path the function should return an invalid path. I'll probably do a check for that and just return nil.
--David
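
The check described in the message above, written out as an added example in Lua; it is not the poster's makeSafePath and not code from the thread. It returns nil for absolute paths, as the message proposes, and goes beyond the message by handling backslash separators, drive letters, UNC prefixes, colons and trailing dots or spaces as Windows cases; the names make_safe_path and user_dir are assumptions.

```lua
-- Added example; make_safe_path and user_dir are hypothetical names.
-- Returns the path under user_dir, or nil plus a reason.
local function make_safe_path(user_dir, path)
  if type(path) ~= "string" or path == "" then
    return nil, "empty path"
  end
  -- A NUL byte would truncate the name once it reaches the C file API.
  if path:find("\0", 1, true) then
    return nil, "NUL byte"
  end
  -- Windows accepts both separators, so normalise before inspecting.
  local p = path:gsub("\\", "/")
  -- Rooted ("/x"), UNC ("//host/share") and drive ("C:/x", "C:x") forms
  -- are not plain relative paths; a colon can also name an NTFS
  -- alternate data stream, so any colon is refused.
  if p:sub(1, 1) == "/" or p:find(":", 1, true) then
    return nil, "absolute path"
  end
  local parts = {}
  for part in p:gmatch("[^/]+") do
    if part == ".." then
      -- Going up is fine only while still below user_dir.
      if #parts == 0 then return nil, "escapes user dir" end
      parts[#parts] = nil
    elseif part:find("[%. ]$") and part ~= "." then
      -- Win32 strips trailing dots and spaces, so ".. " could act as "..".
      return nil, "trailing dot or space"
    elseif part ~= "." then
      parts[#parts + 1] = part
    end
  end
  if #parts == 0 then return nil, "empty path" end
  return user_dir .. "/" .. table.concat(parts, "/")
end

-- Constructed inputs.
assert(make_safe_path("users/bob", "save/slot1.dat") == "users/bob/save/slot1.dat")
assert(make_safe_path("users/bob", "a/../b.txt") == "users/bob/b.txt")
assert(make_safe_path("users/bob", "../alice/x") == nil)
assert(make_safe_path("users/bob", "a\\..\\..\\x") == nil)
assert(make_safe_path("users/bob", "C:\\Windows\\x") == nil)
assert(make_safe_path("users/bob", "\\\\host\\share\\x") == nil)
assert(make_safe_path("users/bob", "/etc/passwd") == nil)
```

The check is purely lexical: it does not resolve symbolic links or junctions that already exist inside the user directory.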