search

fortran-lang / playground

An interactive Fortran playground
MIT License
34 stars 12 forks source link

Should we disallow calling `execute_command_line`? #47

Open milancurcic opened 2 years ago

milancurcic commented 2 years ago

It's currently allowed and users can run shell commands in the container. Should we disallow calling execute_command_line, even considering #46?

awvwgk commented 2 years ago

There is also the extension system which can run shell commands and we can still popen a process via bind(c). Best would be to strip down our docker image to only include the necessary libraries. Not having wget and curl might already help, don't know whether we can delete the shell and have fpm still work. Maybe a distroless container might be useful.

ivan-pi commented 2 years ago

Would it be possible to inject code (or maybe a preprocessor define) that overwrites these functions and force them to generate a compile-time error? But I guess even this can be overridden with a declaration such as?

intrinsic :: execute_command_line

Perhaps it's possible to remove the symbol from libgfortran.a (or the shared library)?

arjenmarkus commented 2 years ago

You can do so with inserting a "use module" - I sent an example to Milan and Sebastian, see below:

! chk_exec.f90 -- ! Can I override execute_command_line? ! module workaround_exec implicit none

intrinsic :: execute_command_line

end module workaround_exec

module dummy_exec implicit none

contains subroutine execute_command_line( string ) character(len=*) :: string

write(*,*) "Dummy execution of: " // trim(string)

end subroutine execute_command_line end module dummy_exec

program chk_exec use dummy_exec use workaround_exec !intrinsic :: execute_command_line

call execute_command_line( "echo Hello!" )

end program chk_exec

I tested this with Intel Fortran and gfortran - both give errors with either the intrinsic statement or the use of the other module.

Regards,

Arjen

Op di 13 sep. 2022 om 21:24 schreef Ivan Pribec @.***>:

Would it be possible to inject code (or maybe a preprocessor define) that overwrites these functions and force them to generate a compile-time error? But I guess even this can be overridden with a declaration such as?

intrinsic :: execute_command_line

Perhaps it's possible to remove the symbol from libgfortran.a (or the shared library)?

— Reply to this email directly, view it on GitHub https://github.com/fortran-lang/playground/issues/47#issuecomment-1245860271, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAN6YR55GJYRE2MKHCHPWGLV6DIIRANCNFSM6AAAAAAQLTDLDA . You are receiving this because you are subscribed to this thread.Message ID: @.***>

milancurcic commented 2 years ago

Thank you @ivan-pi and @arjenmarkus. Both are viable, but rather than injecting code we can detect the offending code in the function that processes the request, and return a helpful error message to the frontend.

Alternatively, we could disallow it on the frontend. The user would still be able to submit such code directly to the API until #34 is resolved.