[
http://dev.sourcefabric.org/browse/LS-512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15805#action_15805
]
Romain Beauxis commented on LS-512:
-----------------------------------
I agree that the security issue may not be that bad for now.. However, there is
the possibility now to serve HTTP requests within liq so we should be cautious..
The POSIX code for open_process is relatively simple and it could be possible
to duplicate it if we wanted so:
let open_proc cmd proc input output toclose =
let cloexec = List.for_all try_set_close_on_exec toclose in
match fork() with
0 -> if input <> stdin then begin dup2 input stdin; close input end;
if output <> stdout then begin dup2 output stdout; close output end;
if not cloexec then List.iter close toclose;
begin try execv "/bin/sh" [| "/bin/sh"; "-c"; cmd |]
with _ -> exit 127
end
| id -> Hashtbl.add popen_processes proc id
For the windows case, I am not even sure that the problem occurs since fork is
not implemented in windows. The code in this case is quite different..
> External processes inherit opened file descriptor, including opened sockets.
> ----------------------------------------------------------------------------
>
> Key: LS-512
> URL: http://dev.sourcefabric.org/browse/LS-512
> Project: Liquidsoap
> Issue Type: Bug
> Components: Liquidsoap
> Reporter: Romain Beauxis
> Priority: Blocker
> Fix For: 1.0
>
>
> When liquidsoap spawns a new process using Ocaml's open_process* functions,
> the new process is created using fork() and therefore inherits all opened
> file descriptors from liquidsoap.
> This leads to many different type of issues, among which:
> * If liquidsoap stops before an external process, any port opened by
> liquidsoap remains open until all external processes have terminated
> * All external processes have access to the file/sockets opened by
> liquidsoap, in particular they may read a file whose content is supposed to
> be protected (password) or listen to network traffic (source password for
> instance)
> The problem is not easy. There are several possibilities:
> * Define our own implementation of Unix.open_process*
> * Use some shell trickery to close the descriptors before invoking the new
> process. Something like:
> "/bin/ls /dev/fd/ | while read i; do if test "$i" -ge "3"; then exec
> "$i<&-" 2>/dev/null; fi done; my_process
> * Convince OCaml's maintainer to apply some patch and wait for a new release
> of OCaml...
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://dev.sourcefabric.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Fulfilling the Lean Software Promise
Lean software platforms are now widely adopted and the benefits have been
demonstrated beyond question. Learn why your peers are replacing JEE
containers with lightweight application servers - and what you can gain
from the move. http://p.sf.net/sfu/vmware-sfemails
_______________________________________________
Savonet-devl mailing list
Savonet-devl@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/savonet-devl
