What stops cmd from being a locative?
Henry Rich
On 11/27/2013 10:37 AM, Pascal Jasmin wrote:
These routines should allow for "safe" remote code execution from a not
completely trusted user, but I am posting here in case I missed anything. Safe means
should not crash, and should not execute any command outside the sandbox locale. User
passes a noun that consists of 'cmd';monadic y arguments (maybe multiple boxes).
mkerr_z_ =: ((0&;)@:) ( :: ((13!:11 ; 13!:12)@:(''"_)))
chkerr_z_ =: ;@:}. ^:(0 = >@{.)
sanitize_z_ =: (0&pick)@:;:
rexec_z_ =: (sanitize@:>@{.@:] loc [) apply mkerr }.@:]
cocurrent 'testcommands'
(18!:5 '') 18!:2 ] 18!:5 '' NB. removes _z_
double =: +:@:;
echo =: ]
in immediate window, (or use cocurrent 'base' if typed above
w =. <'testcommands'
w rexec 'double';2;3;4
┌─┬─────┐
│0│4 6 8│
└─┴─────┘
chkerr w rexec 'double';2;3;4
4 6 8
w rexec 'do_z';2;3;4
┌──┬─────────────────────────────────────────────────────┐
│21│|value error: do_z_testcommands_ | (<0),<x u y │
└──┴─────────────────────────────────────────────────────┘
any improvements or security failure?
Note the first line of 'testcommands' locale, is there a way to set the search
path to nothing (instead of self as done there)
----------------------------------------------------------------------
For information about J forums see http://www.jsoftware.com/forums.htm
----------------------------------------------------------------------
For information about J forums see http://www.jsoftware.com/forums.htm
