Open milancurcic opened 2 years ago
There is also the extension system
which can run shell commands and we can still popen
a process via bind(c)
. Best would be to strip down our docker image to only include the necessary libraries. Not having wget
and curl
might already help, don't know whether we can delete the shell and have fpm still work. Maybe a distroless container might be useful.
Would it be possible to inject code (or maybe a preprocessor define) that overwrites these functions and force them to generate a compile-time error? But I guess even this can be overridden with a declaration such as?
intrinsic :: execute_command_line
Perhaps it's possible to remove the symbol from libgfortran.a
(or the shared library)?
You can do so with inserting a "use module" - I sent an example to Milan and Sebastian, see below:
! chk_exec.f90 -- ! Can I override execute_command_line? ! module workaround_exec implicit none
intrinsic :: execute_command_line
end module workaround_exec
module dummy_exec implicit none
contains subroutine execute_command_line( string ) character(len=*) :: string
write(*,*) "Dummy execution of: " // trim(string)
end subroutine execute_command_line end module dummy_exec
program chk_exec use dummy_exec use workaround_exec !intrinsic :: execute_command_line
call execute_command_line( "echo Hello!" )
end program chk_exec
I tested this with Intel Fortran and gfortran - both give errors with either the intrinsic statement or the use of the other module.
Regards,
Arjen
Op di 13 sep. 2022 om 21:24 schreef Ivan Pribec @.***>:
Would it be possible to inject code (or maybe a preprocessor define) that overwrites these functions and force them to generate a compile-time error? But I guess even this can be overridden with a declaration such as?
intrinsic :: execute_command_line
Perhaps it's possible to remove the symbol from libgfortran.a (or the shared library)?
— Reply to this email directly, view it on GitHub https://github.com/fortran-lang/playground/issues/47#issuecomment-1245860271, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAN6YR55GJYRE2MKHCHPWGLV6DIIRANCNFSM6AAAAAAQLTDLDA . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Thank you @ivan-pi and @arjenmarkus. Both are viable, but rather than injecting code we can detect the offending code in the function that processes the request, and return a helpful error message to the frontend.
Alternatively, we could disallow it on the frontend. The user would still be able to submit such code directly to the API until #34 is resolved.
It's currently allowed and users can run shell commands in the container. Should we disallow calling
execute_command_line
, even considering #46?