On 03/07/2017 09:29 AM, Timo Paulssen wrote:
For example:

<code>
sub WriteSecondaryClipboard ( $Str ) {     # <ctrl><c>
    my $Cmd = "echo \"$Str\" | xclip -selection clipboard";
    shell $Cmd;
}
</code>

problem solved.

Please don't forget that if $Str can be modified by a user or outside
process somehow, you've opened the door to remote code execution here.

Imagine $Str being something like

    hello, this is part of the echo" | rm -rf / | "and an opening quote to make the rest of the code work again

and it'll do A Bad Thing*

If you ever heard of "useless use of cat", you might understand what i
mean when i say this is a "useless use of echo".

Instead of using the shell to do a redirect from echo, you can just run
the xclip process directly from perl6 and pass in the text you want it
to receive. That way there's no chance for "code injection" or any other
way things could go wrong.

For example, if your $Str contains a single ", here's what you get:

/bin/sh: -c: line 1: unexpected EOF while looking for matching `"'
/bin/sh: -c: line 2: syntax error: unexpected end of file
The spawned command 'echo "oh my "what do we have here
" | cat' exited unsuccessfully (exit code: 1)
  in block <unit> at -e line 1

Or what if there's backtick quotes?

timo@schmand ~> perl6 -e 'my $Str = $*IN.slurp-rest(:close); shell qq/echo "$Str" | cat/'
Hey, you are totally running `uname`.
Hey, you are totally running Linux.

Or what if there's ANSI escape codes?

There's no end to what tomfoolery someone who can control $Str can do to
your system.

Hope that helps!
  - Timo

* yes, i know about --no-preserve-root and all that. "rm -rf /" is a
very iconic phrase for "mess up your computer real bad", though.

Hi Timo,

I am not sure what you are getting at.  If someone has access to
your system, he can write all kinds of nasty stuff.  Even so,
he is still subject to the restrictions placed on him as a user.

One way to hack things as a user is to find cron jobs that
will allow the user to modify them.  Keeping this in mind,
all my scripts that are being run as root have file permissions
of 500.  Standard users can not even see them.

Still, given a regular user and a terminal, all kinds of
trouble can ensue.  He doesn't have to hack a perl program.

-T
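
The approach suggested in the quoted message (run xclip directly and hand it the text on stdin instead of building an `echo` pipeline for the shell), as an added example that is not code from either poster. It is written for current Raku (Perl 6); the sub name `pipe-to` and the use of `cat` as a stand-in for xclip, so the result can be read back and compared, are assumptions of this example.

```raku
# Added example: hand text to a child process on its stdin, with no shell.

# Replacement for the shell-based sub from the thread (needs xclip installed).
sub WriteSecondaryClipboard(Str $Str) {
    # Each list element is exactly one argv entry; /bin/sh never sees $Str.
    my $proc = run 'xclip', '-selection', 'clipboard', :in;
    $proc.in.print($Str);   # the text is data on stdin, not command text
    $proc.in.close;         # EOF tells xclip the input is complete
}

# Hypothetical helper: same technique, but the child's stdout is captured
# so the round trip can be checked. `cat` plays the role of xclip here.
sub pipe-to(Str $text, *@cmd --> Str) {
    my $proc = run |@cmd, :in, :out;
    $proc.in.print($text);
    $proc.in.close;
    my $out = $proc.out.slurp(:close);
    die "{@cmd[0]} exited with {$proc.exitcode}" if $proc.exitcode != 0;
    $out;
}

# Constructed inputs, modelled on the cases raised in the thread:
# an unbalanced double quote, backticks, and a pipe character.
my @samples =
    'oh my "what do we have here',
    'Hey, you are totally running `uname`.',
    'text with a | pipe and a $(subshell) in it';

for @samples -> $s {
    my $echoed = pipe-to($s, 'cat');
    # With run() the child receives the string byte for byte.
    say $echoed eq $s ?? "unchanged: $s" !! "ALTERED:   $echoed";
}
```

Only `:in` is requested for xclip because it keeps running in the background to serve the selection, so waiting on its stdout would block.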
