Security of a public newlisp terminal

Started by cormullion, February 18, 2007, 08:48:25 AM


cormullion

Suppose you had a newlisp interpreter session that was running on your own machine, but access to it was available on a public terminal. So, anyone could type (+ 2 2) and your machine would send back the message "4". Assume that the expression is passed in a string and evaluated by eval-string, and the string result is returned.



Obviously, the problem is with security. While evaluating '(+ 2 2)' is harmless, there are probably plenty of other expressions that shouldn't be possible. Is there a 'sandbox' or 'safe' way of starting newLISP, so that anyone can type anything but has no access to the underlying OS or filesystem? I think that JavaScript runs in a similarly insulated environment...

Lutz

#1
Use this program: http://www.nodep.nl/downloads/newlisp/slimline.lsp, which Norman wrote a while ago, but in the last line change 'symbol' to 'sym' (the longer form is deprecated).



Lutz



ps: you also could put it in init.lsp

cormullion

#2
Yes, that's good. I've got as far as this:


; Evaluate str in a child newLISP process in which the listed built-ins
; are first rebound to default-message.
(define (fork-eval-string str)
  (set 'command (format "/usr/bin/newlisp -e \"(define (default-message) (silent (println {unavailable}))) (dolist (x (list {dump} {cpymem} {!} {exec} {fork} {pipe} {process} {wait-pid} {close} {command-line} {current-line} {device} {exec} {get-url} {load} {open} {post-url} {put-url} {read-buffer} {read-char} {read-file} {read-line} {save} {search} {seek} {write-buffer} {write-char} {write-file} {write-line} {change-dir} {copy-file} {delete-file} {directory} {file-info} {make-dir} {remove-dir} {rename-file} {trace} {import} {file?} {env} {directory?} {net-accept} {net-close} {net-connect} {net-error} {net-listen} {net-local} {net-lookup} {net-peer} {net-peek} {net-receive} {net-receive-from} {net-receive-udp} {net-select} {net-send} {net-send-to} {net-send-udp} {net-service} {net-sessions})) (constant (sym x) default-message)) (eval-string {%s}) \" " str))
  (exec command))

(println
(last (fork-eval-string "(+ 12 3)"))
)


- a bit untidy, still.



Norman's code included "putenv" and "getenv" - not available now, I expect. Perhaps there are some newer functions that are not in this list.



Is there any mileage in a "-safe" option for newlisp one day?
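
The question in post #2 about newer functions missing from the list can be checked mechanically. The following is an added example, not code from the thread or from newLISP itself: it compares the deny-list from the post with the built-ins of the running interpreter. The names `blocked`, `builtins`, `uncovered` and `stale` are chosen for this example.

```newlisp
; Added example: audit the deny-list from post #2 against the built-in
; primitives of the newLISP binary that will serve the public terminal.

; Deny-list copied from the post (duplicate exec removed).
(set 'blocked (map string '(
  dump cpymem ! exec fork pipe process wait-pid close command-line
  current-line device get-url load open post-url put-url read-buffer
  read-char read-file read-line save search seek write-buffer write-char
  write-file write-line change-dir copy-file delete-file directory
  file-info make-dir remove-dir rename-file trace import file? env
  directory? net-accept net-close net-connect net-error net-listen
  net-local net-lookup net-peer net-peek net-receive net-receive-from
  net-receive-udp net-select net-send net-send-to net-send-udp
  net-service net-sessions)))

; Every symbol in MAIN whose current value is a built-in primitive.
(set 'builtins
  (map string (filter (fn (s) (primitive? (eval s))) (symbols MAIN))))

; Built-ins the deny-list does not mention: each one needs a decision
; (harmless, or to be added to the list) before the terminal is exposed.
(set 'uncovered (difference builtins blocked))

; Deny-list entries that do not name a built-in in this version
; (renamed, removed, or not compiled in on this platform).
(set 'stale (difference blocked builtins))

(println "built-ins in this interpreter: " (length builtins))
(println "covered by the deny-list:      " (length (intersect builtins blocked)))
(println "not covered (review these):    " (length uncovered))
(dolist (name uncovered) (println "  " name))
(println "stale deny-list entries:       " stale)
```

Run it with the same binary and version that serves the terminal, and rerun it after every newLISP upgrade, since a deny-list only covers the functions that existed when it was written.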