Open hilbix opened 4 years ago
hilbix
commented
4 years ago AFAICS with "insecure" option I this could fall back to execve() and hence re-establish this easily, as in this case we do not need the added security which fexecve() offers anyway.
However is there a secure way of passing a checked script to system shells? It is worth the hassle?
hilbix
commented
2 years ago Uh oh, found a major bug in handling :bash: and :sh, see temporary commit 8274710a0719a46a1cb5f81a6b4f3ae8e9e88732 .. which was not enough btw.
hilbix
commented
1 year ago This bug was probably fixed with V3.0.0.
However fexecve is not available on MacOS anyway. So execve is back, but just or __APPLE__, see 33329f893a733ae6d93aabd5d423b72e508a80d5
The impact of this has to be looked into more closely. But .. I do not own a MacOS machine anymore. I tried to setup a suitable VM for testing but failed.
So leave that open as a reminder to test on MacOS-X.
Apparently an oversight when rearranging some unpushed
git-commits from a time beforefexecvewas used:With the
fexecve()pushing commandline arguments late certainly cannot work this way, as the script still is executed, not the shell.So this feature looks broken at it's best (I cannot see a security issue, as you must enable it yourself).
So for now: Just do not use it until I came around to think about it a bit further.