Open hilbix opened 4 years ago
AFAICS with "insecure" option I
this could fall back to execve()
and hence re-establish this easily, as in this case we do not need the added security which fexecve()
offers anyway.
However is there a secure way of passing a checked script to system shells? It is worth the hassle?
Uh oh, found a major bug in handling :bash:
and :sh
, see temporary commit 8274710a0719a46a1cb5f81a6b4f3ae8e9e88732 .. which was not enough btw.
This bug was probably fixed with V3.0.0.
However fexecve
is not available on MacOS anyway. So execve
is back, but just or __APPLE__
, see 33329f893a733ae6d93aabd5d423b72e508a80d5
The impact of this has to be looked into more closely. But .. I do not own a MacOS machine anymore. I tried to setup a suitable VM for testing but failed.
So leave that open as a reminder to test on MacOS-X.
Apparently an oversight when rearranging some unpushed
git
-commits from a time beforefexecve
was used:With the
fexecve()
pushing commandline arguments late certainly cannot work this way, as the script still is executed, not the shell.So this feature looks broken at it's best (I cannot see a security issue, as you must enable it yourself).
So for now: Just do not use it until I came around to think about it a bit further.