diff options
author | makefu <github@syntax-fehler.de> | 2016-11-08 16:48:58 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2016-11-08 16:48:58 +0100 |
commit | dbb25f7288be2c9d2afe796d63d1a070e353daca (patch) | |
tree | f33630255ec39e4db545eaa63e5acff55efbafdf /krebs/5pkgs/Reaktor/scripts/sed-plugin.py | |
parent | 6e8e38be163904fe138b4d8dd0bec2e1b8bd317c (diff) |
k 5 Reaktor: harden sed-plugin
Diffstat (limited to 'krebs/5pkgs/Reaktor/scripts/sed-plugin.py')
-rw-r--r-- | krebs/5pkgs/Reaktor/scripts/sed-plugin.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py index 8103c9585..6039aeb43 100644 --- a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py +++ b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py @@ -34,9 +34,22 @@ if m: flagstr = '' last = d.get(usr,None) if last: - #print(re.sub(fn,tn,last,count=count,flags=flags)) from subprocess import Popen,PIPE - p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE ) + import shutil + from os.path import realpath + # sed only needs stdin/stdout, we protect state_dir with this + # input to read/write arbitrary files: + # s/.\/\/; w /tmp/i (props to waldi) + # conclusion: sed is untrusted and we handle it like this + p = Popen(['proot', + # '-v','1', + '-w','/', # cwd is root + '-b','/nix/store', # mount important folders + '-b','/usr', + '-b','/bin', + '-r','/var/empty', # chroot to /var/empty + realpath(shutil.which('sed')), + 's/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE ) so,se = p.communicate(bytes("{}\n".format(last),"UTF-8")) if p.returncode: print("something went wrong when trying to process your regex: {}".format(se.decode())) |