Follow-up Comment #1, bug #15624 (project freeciv):

Testcase scenario. This file does not verify the security of the solution; it
only demonstrates the problem.

./ser -f OSAccess.sav

before:

1: Hello esteemed freeciv user.
1: Let's check uname -a
Linux ulrik-ibook 2.6.32-trunk-powerpc #1 Mon Jan 11 03:50:43 UTC 2010 ppc GNU/Linux
1: Maybe I can read your files
1: root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
...

after:

1: Hello esteemed freeciv user.
1: Let's check uname -a
1: lua error:
        [string "script.code"]:4: attempt to index global 'os' (a nil value)
stack traceback:
        [string "script.code"]:4: in main chunk

             1: 
             2: error_log("Hello esteemed freeciv user.")
             3: error_log("Let's check uname -a")
        -->  4: os.execute("uname -a")
             5: error_log("Maybe I can read your files")
             6: error_log(io.open("/etc/passwd", "r"):read("*a"))


We must be sure that one can't retrieve the modules io, os again (which is
why we block require, module, package etc.).


(file #8532)
    _______________________________________________________

Additional Item Attachment:

File name: OSAccess.sav                   Size:24 KB


    _______________________________________________________

Reply to this item at:

  <http://gna.org/bugs/?15624>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/


_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
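
A check in the spirit of the comment's last paragraph, as an added example (not freeciv's code and not part of the patch): it audits a script environment for the names the comment lists and for routes back to os and io through require and package.loaded. The environment tables, function names and allow-list are assumptions made for illustration.

```lua
-- Added example, not freeciv code. All names below are hypothetical.
-- Globals the comment says are blocked; its "etc." is not enumerated here.
local BLOCKED = { "os", "io", "require", "module", "package" }

-- Ways a script could get os/io back if only the two globals were removed.
local PROBES = {
  "return os", "return io",
  "return require('os')", "return require('io')",
  "return package.loaded.os", "return package.loaded.io",
}

-- Compile `code` with `env` as its global table and run it protected.
local function run_in(env, code)
  local chunk, err
  if setfenv then                         -- Lua 5.1
    chunk, err = loadstring(code, "script.code")
    if chunk then setfenv(chunk, env) end
  else                                    -- Lua 5.2 and later
    chunk, err = load(code, "script.code", "t", env)
  end
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Return a list describing every blocked name or module reachable from env.
local function audit(env)
  local leaks = {}
  for _, name in ipairs(BLOCKED) do
    if env[name] ~= nil then leaks[#leaks + 1] = "global " .. name end
  end
  for _, probe in ipairs(PROBES) do
    local ok, val = run_in(env, probe)
    if ok and type(val) == "table" then leaks[#leaks + 1] = probe end
  end
  return leaks
end

-- Incomplete sandbox: every global copied, only os and io set to nil.
local partial = {}
for k, v in pairs(_G) do partial[k] = v end
partial.os, partial.io = nil, nil

-- Sandbox built from an allow-list (the list itself is an assumption).
local strict = {}
for _, k in ipairs({ "ipairs", "pairs", "tostring", "type", "math", "string" }) do
  strict[k] = _G[k]
end

for _, case in ipairs({ { "partial", partial }, { "strict", strict } }) do
  local leaks = audit(case[2])
  print(case[1], #leaks == 0 and "os/io not reachable by these probes"
                              or table.concat(leaks, "; "))
end
```

The audit only covers the probes listed, so a clean result means those specific routes are closed, not that the environment is proven safe.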
