> How do I go about including gnuplot in the chroot? Do I just do ln -s
> ../../usr/local/bin/gnuplot? I thought symlinks could get away with
> chroots or are those restricted to /var/www as well?

Warning: gnuplot is *not* secure against malicious input!

That is, if you provide a web form allowing web-user-supplied
input to be fed into gnuplot, I'm almost certain that with an hour or
three of hacking, a malicious user could use such a webified gnuplot
to execute malicious-user-supplied arbitrary machine code on your web
server, running as the userid of your gnuplot cgi script.

The reason for this is simple:  gnuplot was never designed for security:
- it supports at least three different flavors of shell escapes
- it allows user specification of scanf()-like format strings
  which are interpreted at runtime
- there has been no particular effort to guarantee that buffer overruns
  can't happen (i.e. the code uses the usual C  str*()  functions)
- it has the usual collection of pointer bugs found in most large C
  programs (particularly ones with lots and lots of global variables,
  and that have been hacked on by many people over 20+ years)
- it offers a Turing-complete expression language (now including string
  variables!) to help the malicious obfuscate things

gnuplot is a useful piece of software (I've been using it regularly for
about 20 years), but for security purposes, you really need to treat
the gnuplot command prompt like you would a shell command prompt.

-- 
-- "Jonathan Thornburg [remove -animal to reply]" 
<jth...@astro.indiana-zebra.edu>
   Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam
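
Added example, not part of the original message: one way a CGI front end can follow the advice above is to never pass form text to gnuplot at all, and instead build the script itself from an allowlisted function name and re-serialised numeric bounds. The form field names, the allowlist and the range limit are assumptions made for this sketch.

```python
import math

# Allowlist: form value -> fixed gnuplot expression. User text is only ever
# used as a dictionary key; it is never copied into the script.
ALLOWED_FUNCTIONS = {
    "sine": "sin(x)",
    "cosine": "cos(x)",
    "gaussian": "exp(-x**2)",
}
MAX_ABS_RANGE = 1.0e6  # assumed limit for this sketch


class RejectedInput(ValueError):
    """Raised when a form field fails validation."""


def parse_bound(raw):
    """Parse one range bound into a finite float, or reject it."""
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise RejectedInput("range bound is not a number")
    if not math.isfinite(value) or abs(value) > MAX_ABS_RANGE:
        raise RejectedInput("range bound out of limits")
    return value


def build_script(form):
    """Return a gnuplot script built only from validated fields."""
    name = form.get("function")
    if not isinstance(name, str) or name not in ALLOWED_FUNCTIONS:
        raise RejectedInput("unknown function")
    lo = parse_bound(form.get("xmin"))
    hi = parse_bound(form.get("xmax"))
    if lo >= hi:
        raise RejectedInput("empty x range")
    # Bounds are written back from floats, so the submitted text is discarded.
    return "\n".join([
        "set terminal png size 640,480",
        "set xrange [%r:%r]" % (lo, hi),
        "plot %s notitle" % ALLOWED_FUNCTIONS[name],
    ]) + "\n"
```

This narrows what reaches the gnuplot parser; it does not make gnuplot itself safe, so the chroot and unprivileged userid still matter.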
