[Haskell-cafe] ghci in gallery

Mateusz Lenik mlen at mlen.pl
Thu Feb 13 09:51:32 UTC 2014


Hi Duncan,

I'd highly recommend using something like mueval:
http://hackage.haskell.org/package/mueval

In the setup you suggested malicious user can:
1) execute other processes (to create a remote shell using nc, or to try to
   exploit suid binaries),
2) do any network IO (to send spam for example),
3) read files readable to all users (kind of obvious, but /etc/passwd can be
   read by anyone on the system -- attackers can learn who uses the system,
   what services are running),
4) it allows access to loopback interface which it makes it very hard to
   firewall it properly.

And this is only the stuff that came up to my mind in 5 minutes.
Basically this setup is like giving anyone access to shell.

Cheers,
Mateusz

On Thu, Feb 13, 2014 at 08:29:31AM +0000, Duncan Rowland wrote:
> Dear All,
>
>    new to haskell, so this might be obvious, but...
>
>    I'm setting up a gallery installation (OSX) that exposes a command
> line haskell to the visitors.
>    The process is run with user 'nobody', so hopefully that will be a
> bit safer, i.e.
>
> cat visitor_commands_pipe | sudo -u nobody ghci -XOverloadedStrings
>
>    But how question are:
>       1) what sort of damage could a malicious user do to my system by
> entering commands into the pipe?
>       2) what should I do to protect my system? I can filter the user
> commands as I like, but I do not want to run 'in a webpage'.
>
>    Thanks in advance,
>       -Duncan.
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20140213/dbcb9af9/attachment.sig>


More information about the Haskell-Cafe mailing list