From: Brian Candler on
Rick Ashton wrote:
> I can't hard-code the path this way. By design, a Mac app bundle should
> be able to live anywhere, not just under a particular path, so I can't
> do this. Will just have to live with the security implication then. Of
> course, in the case of the example you provide, there's nothing stopping
> someone / something from modifying / replacing
> /home/candlerb/myscript.rb anyways, right?

Well, obviously you don't give setuid permissions to a file and then
allow anyone to edit it :-) It would have to be stored in a trusted
location. Ditto the path to the ruby interpreter itself.

The C program could validate that the script lives in a trusted location
(that only an administrator could modify). Or calculate an SHA1. Or
include your actual script source inline, and link against libruby to
run it (again, on the assumption that only a trusted user would be able
to replace libruby).

> Untainting the network interface
> string fixed that.
>
> Solved! Thanks for the help :)

Excellent news!
--
Posted via http://www.ruby-forum.com/.

From: Caleb Clausen on
On 4/7/10, Brian Candler <b.candler(a)pobox.com> wrote:
> Well, obviously you don't give setuid permissions to a file and then
> allow anyone to edit it :-) It would have to be stored in a trusted
> location. Ditto the path to the ruby interpreter itself.
>
> The C program could validate that the script lives in a trusted location
> (that only an administrator could modify). Or calculate an SHA1. Or

I believe that using a sha1 in this way would create a TOCTOU race
condition; in other words, it's not secure. Don't do that.
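Both points of the thread together, as an added example (not code from either poster): a setuid C wrapper that opens the script once, validates the open descriptor with fstat(2) (regular file, owned by the expected user, not group- or world-writable), and then hands that same descriptor to the interpreter through /dev/fd/N. Because the check and the execution refer to one open file rather than to a path, there is no window in which the file could be swapped between "checked" and "run", which is the race a check-then-exec-by-path design (hash the file, then exec the path) leaves open. RUBY_PATH and SCRIPT_PATH are placeholder paths assumed for the example, and the self-test uses a constructed temp file, not a real script.

```c
/* Added example: a minimal setuid C wrapper for a Ruby script.
 * RUBY_PATH and SCRIPT_PATH are assumed placeholders, not from the thread. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define RUBY_PATH   "/usr/bin/ruby"                 /* assumed */
#define SCRIPT_PATH "/usr/local/lib/myapp/main.rb"  /* assumed */

/* 1 if the open descriptor is a regular file owned by `owner` and writable
 * only by that owner, else 0. fstat(2) on the descriptor, not stat(2) on a
 * path, so the object checked is the object later executed. */
int fd_is_trusted(int fd, uid_t owner)
{
    struct stat st;
    if (fstat(fd, &st) != 0)              return 0;
    if (!S_ISREG(st.st_mode))             return 0;
    if (st.st_uid != owner)               return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* Open `path` once (refusing symlinks) and validate the result.
 * Returns the descriptor, or -1 if the file is not acceptable. */
int open_trusted_script(const char *path, uid_t owner)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (!fd_is_trusted(fd, owner)) { close(fd); return -1; }
    return fd;
}

/* Exec the interpreter on the validated descriptor via /dev/fd/N, with a
 * scrubbed environment so the caller's RUBYLIB/RUBYOPT cannot reach a
 * privileged interpreter. Returns only on failure. */
int run_script_fd(int fd, int argc, char **argv)
{
    char fdpath[32];
    char *env[] = { (char *)"PATH=/usr/bin:/bin", NULL };
    char **nargv = calloc((size_t)argc + 2, sizeof *nargv);
    int i;
    if (!nargv) return -1;
    snprintf(fdpath, sizeof fdpath, "/dev/fd/%d", fd);
    nargv[0] = (char *)"ruby";
    nargv[1] = fdpath;                     /* script = the checked fd */
    for (i = 1; i < argc; i++) nargv[i + 1] = argv[i];
    nargv[argc + 1] = NULL;
    execve(RUBY_PATH, nargv, env);
    free(nargv);
    return -1;
}

/* Self-check against a constructed temp file (not a real script):
 * returns 1 when every case behaves as expected, 0 otherwise. */
int selftest(void)
{
    char path[] = "/tmp/setuid-wrapper-XXXXXX";
    char link[64];
    uid_t me = getuid();
    int ok = 1, fd2;
    int fd = mkstemp(path);
    if (fd < 0) return 0;

    if (fchmod(fd, 0644) != 0 || !fd_is_trusted(fd, me))    ok = 0; /* accepted */
    if (fchmod(fd, 0666) != 0 || fd_is_trusted(fd, me))     ok = 0; /* world-writable */
    if (fchmod(fd, 0644) != 0 || fd_is_trusted(fd, me + 1)) ok = 0; /* wrong owner */

    snprintf(link, sizeof link, "%s.lnk", path);
    if (symlink(path, link) == 0) {        /* a symlink swap is refused */
        if (open_trusted_script(link, me) != -1) ok = 0;
        unlink(link);
    }
    fd2 = open_trusted_script(path, me);   /* the real file is accepted */
    if (fd2 < 0) ok = 0; else close(fd2);

    close(fd);
    unlink(path);
    return ok;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc > 1 && strcmp(argv[1], "--selftest") == 0)
        return selftest() ? 0 : 1;
    fd = open_trusted_script(SCRIPT_PATH, 0);   /* script must be root-owned */
    if (fd < 0) {
        fprintf(stderr, "refusing to run %s: not a trusted file\n", SCRIPT_PATH);
        return 1;
    }
    run_script_fd(fd, argc, argv);
    perror("execve");
    return 1;
}
```

Build with `cc -o wrapper wrapper.c`, run `./wrapper --selftest` to exercise the checks, then install the binary root-owned with mode 4755 and the script root-owned with mode 0644. The descriptor is deliberately opened without O_CLOEXEC so it survives the exec and /dev/fd/N resolves inside the interpreter. The same trust requirement still applies to RUBY_PATH and its libraries, as Brian notes: the wrapper only guarantees that the script which passed the check is the one that runs, not that the interpreter itself is sound.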