On 06/22/2011 03:34 PM, Ludovic Hutin wrote:
> Hi,
>
> I have a question about the "write" action
> I got something like
> write /var/log/result/$13.login %t $8 ; \
>
> If we got a $13 like "&& rm -fr /" or something like that, what
> should happen?
> Are we protected against injection attacks?
First of all, the 'write' action does not involve forking a shell for writing into files, but writing is rather done through open(2) and write(2) system calls. However, for some actions (shellcmd, spawn, pipe, and report) shell gets forked if action command lines contain shell metacharacters that need to be interpreted. Therefore, if match variables happen to contain special constructs (like `rm somefile`), you will see unexpected side effects.

There are two rules of thumb for avoiding such unwanted situations:

1) write your regular expressions carefully, and don't set match variables with unknown data -- for example, if you know that user names contain alphanumerals and underscores only, match them with (\w+), *not* with (\S+)

2) if you have to use generic regular expressions that might match harmful stuff and assign it to match variables, don't pass the variables to external programs on command line -- for example, instead of

shellcmd (/bin/echo $1 | /bin/mail root)

it is safer to write

pipe $1 /bin/mail root

since $1 will be passed to /bin/mail through a pipe.

HTH,
risto

>
> Thanks,
> Ludovic.

_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
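The following is an added example, not part of this thread and not SEC's own code: a small Python model of the two rules in the reply above. It captures a user name from a constructed log line with a strict `(\w+)` pattern and with a generic pattern, models a `shellcmd`-style action that forks `/bin/sh` only when the command line contains metacharacters (the exact character set SEC checks is an assumption here), and contrasts that with a `pipe`-style action that hands the match variable to the program's stdin. It assumes a POSIX system with `/bin/sh`, `echo` and `cat` available.

```python
import re
import subprocess

# Constructed sample log line: the user field carries shell metacharacters,
# which is exactly the situation the question worries about.
SAMPLE_LINE = ("Jun 22 15:34:01 host app: accepted login for "
               "user=alice;echo INJECTED from 10.0.0.5")

# Rule 1 of the reply: (\w+) can only ever capture [A-Za-z0-9_]; a generic
# pattern captures whatever sits between the anchors, metacharacters included.
STRICT_USER = re.compile(r"user=(\w+)")
LOOSE_USER = re.compile(r"user=(.+) from ")

# Characters that make an action command line need a shell to interpret it.
# Assumption: the usual POSIX sh metacharacters, not SEC's exact list.
SHELL_META = set("|&;<>()$`\\\"'*?[]#~")


def match_user(pattern, line):
    """Return the captured user name, or None if the pattern does not match."""
    m = pattern.search(line)
    return m.group(1) if m else None


def needs_shell(cmdline):
    """True if cmdline contains characters only a shell can interpret."""
    return any(c in SHELL_META for c in cmdline)


def run_shellcmd(cmdline):
    """Model of the 'shellcmd' action as the reply describes it: execute the
    command directly, unless metacharacters force a '/bin/sh -c' invocation.
    A match variable interpolated into cmdline is therefore parsed by sh."""
    if needs_shell(cmdline):
        r = subprocess.run(["/bin/sh", "-c", cmdline],
                           capture_output=True, text=True)
    else:
        r = subprocess.run(cmdline.split(), capture_output=True, text=True)
    return r.stdout


def run_pipe(value, argv):
    """Model of the 'pipe' action (rule 2): the match variable never appears
    on a command line; it is written to the program's stdin through a pipe,
    so no shell ever parses it."""
    r = subprocess.run(argv, input=value + "\n",
                       capture_output=True, text=True)
    return r.stdout


if __name__ == "__main__":
    strict = match_user(STRICT_USER, SAMPLE_LINE)   # 'alice'
    loose = match_user(LOOSE_USER, SAMPLE_LINE)     # 'alice;echo INJECTED'
    print("strict capture :", strict)
    print("loose capture  :", loose)
    # The loose capture on a command line runs a second command;
    # the same value through a pipe is just data.
    print("shellcmd output:", repr(run_shellcmd("echo " + loose)))
    print("pipe output    :", repr(run_pipe(loose, ["cat"])))
```

Running the script shows the strict pattern stopping at the first non-word character, the generic capture being interpreted as two commands when it reaches `sh -c`, and the identical value arriving unchanged on `cat`'s stdin when delivered the `pipe` way.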