I'm not positive what you mean,

   w rexec 'do_z_';2;3;4
┌─┬───────────────────────────────────────────────────────────────────┐
│4│|ill-formed name: do_z__testcommands_ | w rexec'do_z_';2;3;4 │
└─┴───────────────────────────────────────────────────────────────────┘

The sanitize function picks the first word (;:) from cmd. As long as the "whitelist" provided by the testcommands locale does not include something like do or memw, then I don't think it's possible to run a locative (?)

I did find an error in sanitize, which assumed cmd is a string. Easiest, atm, to preguard for that.

   w rexec 2;3;4
|domain error: sanitize
|   w rexec 2;3;4

________________________________
From: Henry Rich <[email protected]>
To: [email protected]
Sent: Wednesday, November 27, 2013 1:11:57 PM
Subject: Re: [Jprogramming] safe remote execution

What stops cmd from being a locative?

Henry Rich

On 11/27/2013 10:37 AM, Pascal Jasmin wrote:
> These routines should allow for "safe" remote code execution from a not
> completely trusted user, but I am posting here in case I missed anything.
> Safe means should not crash, and should not execute any command outside the
> sandbox locale. User passes a noun that consists of 'cmd';monadic y
> arguments (maybe multiple boxes).
>
> mkerr_z_ =: ((0&;)@:) ( :: ((13!:11 ; 13!:12)@:(''"_)))
> chkerr_z_ =: ;@:}. ^:(0 = >@{.)
> sanitize_z_ =: (0&pick)@:;:
>
>
> rexec_z_ =: (sanitize@:>@{.@:] loc [) apply mkerr }.@:]
>
> cocurrent 'testcommands'
> (18!:5 '') 18!:2 ] 18!:5 '' NB. removes _z_
> double =: +:@:;
> echo =: ]
>
> in immediate window, (or use cocurrent 'base' if typed above)
>
> w =. <'testcommands'
>
>
>    w rexec 'double';2;3;4
> ┌─┬─────┐
> │0│4 6 8│
> └─┴─────┘
>    chkerr w rexec 'double';2;3;4
> 4 6 8
>
>    w rexec 'do_z';2;3;4
> ┌──┬─────────────────────────────────────────────────────┐
> │21│|value error: do_z_testcommands_ | (<0),<x u y │
> └──┴─────────────────────────────────────────────────────┘
>
> any improvements or security failure?
>
> Note the first line of 'testcommands' locale, is there a way to set the
> search path to nothing (instead of self as done there)
>
> ----------------------------------------------------------------------
> For information about J forums see http://www.jsoftware.com/forums.htm
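
Added example, not part of the thread and not the posters' code: one way to preguard the command word before rexec is reached, so that a non-string cmd or a locative such as do_z_ is refused by an explicit allow-list check rather than by the error the name lookup happens to raise. The names allowed, okcmd and guarded, the allow-list contents and the _1 refusal code are assumptions made for this illustration.

```j
NB. Added example; allowed, okcmd and guarded are hypothetical names.
NB. Constructed allow-list: exactly the verbs the sandbox locale is meant to expose.
allowed =: 'double';'echo'

NB. okcmd y : 1 if y is a character list holding exactly one J word
NB. that appears on the allow-list, otherwise 0. It never signals an error.
okcmd =: 3 : 0
 if. 2 ~: 3!:0 y do. 0 return. end.    NB. not character data (numbers, boxes)
 if. 1 < # $ y do. 0 return. end.      NB. character table or higher rank
 w =. ;: :: (''"_) y                    NB. word formation; on failure use empty
 if. 1 ~: # w do. 0 return. end.       NB. no word, or trailing extra words
 ({. w) e. allowed                      NB. exact match only, so name_loc_ forms miss
)

NB. u guarded : run the dyad u (for example rexec from the thread) only when
NB. the first box of y passes okcmd; otherwise return a boxed refusal in the
NB. same code;message shape that mkerr produces. _1 is a constructed code.
guarded =: 1 : 0
:
 if. okcmd > {. y do. x u y else. _1 ; 'command not allowed' end.
)

NB. Constructed sample inputs for the check on its own:
okcmd 'double'
okcmd 'do_z_'
okcmd 'double_z_'
okcmd 'double echo'
okcmd 2
```

With the thread's definitions loaded, the guarded call would be written w rexec guarded 'double';2;3;4.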
