GNU bug report logs - #30683
[PATCH] build: add a configure flag to force --sandbox


Package: sed

Reported by: Mike Frysinger <vapier <at> gentoo.org>

Date: Fri, 2 Mar 2018 22:29:01 UTC

Severity: normal

Tags: notabug, patch

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.


From: Mike Frysinger <vapier <at> gentoo.org>
To: 30683 <at> debbugs.gnu.org
Subject: bug#30683: [PATCH] build: add a configure flag to force --sandbox
Date: Fri,  2 Mar 2018 17:28:15 -0500
From: Mike Frysinger <vapier <at> chromium.org>

When building systems that integrate code scripts from a variety of
sources, it's hard to guarantee all users of sed are robust, and it's
not easy to make sure everyone uses --sandbox all the time.  Let's add
a configure option so people can easily build a GNU sed that always
enforces --sandbox mode.  This makes sure sed stays a dumb text tool
and can't be used as an avenue for code injection.

Consider a "benign" argument controlled by the user to a script that
is inlined as a match in a sed script.  Yes, the argument should have
been properly checked and/or sanitized, but the overall integrity of
the system shouldn't suffer because of these common mistakes.

* configure.ac: Add --enable-forced-sandbox option, and define
ENABLE_FORCED_SANDBOX when enabled.
* sed/sed.c (sandbox): Set to true when ENABLE_FORCED_SANDBOX,
else set to false.
---
 configure.ac | 7 +++++++
 sed/sed.c    | 7 ++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 4c57d682f976..8531fc2f0fe8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -123,6 +123,13 @@ fi
 AM_CONDITIONAL([TEST_SYMLINKS],
           [test "$ac_cv_func_lstat:$ac_cv_func_readlink" = yes:yes])
 
+AC_ARG_ENABLE([forced-sandbox],
+  [AS_HELP_STRING([--enable-forced-sandbox)],
+     [always run with --sandbox enabled])])
+if test "$enable_forced_sandbox" = "yes"; then
+  AC_DEFINE([ENABLE_FORCED_SANDBOX], , [Always enabled --sandbox mode])
+fi
+
 AC_ARG_ENABLE(i18n,
 [  --disable-i18n          disable internationalization (default=enabled)], ,
 enable_i18n=yes)
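Review bot: the AS_HELP_STRING line carries a stray ")" inside the quoted option name, "[AS_HELP_STRING([--enable-forced-sandbox)]," so ./configure --help will print "--enable-forced-sandbox)" instead of the real flag; it should read "[AS_HELP_STRING([--enable-forced-sandbox],". Two smaller points in the same hunk: the AC_DEFINE description "Always enabled --sandbox mode" should be "Always enable --sandbox mode", and because the value argument is left empty ("AC_DEFINE([ENABLE_FORCED_SANDBOX], , ...)") the macro is defined with no value, which satisfies the #ifdef in sed.c but would not work with #if; passing [1] keeps it consistent with the other config.h defines. The help text should also say that the setting cannot be switched off at run time, since every sed invocation from such a build will reject the e, r and w commands, and that will surprise anyone whose scripts use them.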
diff --git a/sed/sed.c b/sed/sed.c
index 65bcab5ac58a..9d4a7a888c54 100644
--- a/sed/sed.c
+++ b/sed/sed.c
@@ -55,7 +55,12 @@ bool separate_files = false;
 bool follow_symlinks = false;
 
 /* If set, opearate in 'sandbox' mode */
-bool sandbox = false;
+bool sandbox =
+#ifdef ENABLE_FORCED_SANDBOX
+  true;
+#else
+  false;
+#endif
 
 /* How do we edit files in-place? (we don't if NULL) */
 char *in_place_extension = NULL;
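Review bot: splitting the initializer across the preprocessor conditional ("bool sandbox =" / "true;" / "false;") leaves the declaration dangling across three lines and is easy to misread; defining a default once and initializing from it is clearer, e.g. "#ifdef ENABLE_FORCED_SANDBOX" / "# define SANDBOX_DEFAULT true" / "#else ... false", followed by "bool sandbox = SANDBOX_DEFAULT;". Separately, sandbox stays an ordinary writable global, so the "always enforces --sandbox" guarantee in the commit message holds only as long as no other code path ever assigns sandbox = false; a note in the commit message that the --sandbox option handler is the sole writer (checked with a grep over sed/*.c) would make that explicit. The pre-existing typo "opearate" in the context line above could be fixed in a separate drive-by commit.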
-- 
2.16.1
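The injection path the commit message has in mind, as an added example that is not part of this bug report or of GNU sed itself: a hypothetical shell helper splices a caller-supplied hostname into a sed program, a payload turns that into command execution through sed's e command, and the two mitigations are shown side by side, sed's --sandbox (the behaviour --enable-forced-sandbox would make the compiled-in default) and plain input validation. The function names (write_hosts, lookup_host, lookup_host_validated, have_gnu_sandbox, probe, normal_lookup), the hosts data and the marker file are all constructed for this demonstration; the live probes need a GNU sed with --sandbox (4.3 or later) and are skipped on any other sed.

```shell
#!/bin/sh
# Added example, not code from the bug report or from GNU sed. Everything
# below (helper names, hosts data, marker file) is constructed for the demo.

# Write a small constructed "hosts" file into directory $1.
write_hosts() {
  printf '%s\n' 'web01 10.0.0.1' 'db01 10.0.0.2' 'web02 10.0.0.3' >"$1/hosts"
}

# Vulnerable helper: $1 (a hostname supplied by the caller) becomes part of
# the sed program text. $2 = hosts file, $3 = extra sed option ("" or
# --sandbox); $3 is deliberately unquoted so an empty value expands to nothing.
lookup_host() {
  sed $3 -n "/^$1 /p" "$2"
}

# Hardened helper: the value is still interpolated, but anything outside a
# plain hostname alphabet is refused (exit 2) before sed ever sees it. This
# works on any sed, sandbox or not. ('.' still acts as a regex wildcard in
# the match, an over-match but not an injection.)
lookup_host_validated() {
  case $1 in
    ''|*[!A-Za-z0-9.-]*) return 2 ;;
  esac
  sed -n "/^$1 /p" "$2"
}

# True if this sed is a GNU sed that understands --sandbox.
have_gnu_sandbox() {
  sed --sandbox -n '' </dev/null 2>/dev/null
}

# Drive lookup_host with an injected "hostname". The payload closes the
# /^.../ address early, then appends an e command whose shell text runs
# "touch <marker>"; the trailing # turns the " /p" that follows into a
# shell comment. $1 = "" or --sandbox. Prints one of:
#   executed  marker file created, i.e. sed ran the attacker's command
#   blocked   sed refused to compile the script (sandbox mode)
#   clean     neither happened
probe() {
  d=$(mktemp -d) || return 1
  write_hosts "$d"
  payload="x/p;1e touch $d/pwned #"
  if lookup_host "$payload" "$d/hosts" "$1" >/dev/null 2>"$d/err"; then
    sed_ok=1
  else
    sed_ok=0
  fi
  if [ -e "$d/pwned" ]; then
    result=executed
  elif [ "$sed_ok" = 0 ] && grep -q 'sandbox' "$d/err"; then
    result=blocked
  else
    result=clean
  fi
  rm -rf "$d"
  printf '%s\n' "$result"
}

# The legitimate use of the same helper, for comparison.
normal_lookup() {
  d=$(mktemp -d) || return 1
  write_hosts "$d"
  lookup_host web01 "$d/hosts" ""
  rm -rf "$d"
}

if have_gnu_sandbox; then
  echo "plain sed:     $(probe "")"         # executed
  echo "sed --sandbox: $(probe --sandbox)"  # blocked
fi
```

The sandbox rejection happens when sed compiles the script, before any input is read, so the e command never runs; a build made with the proposed --enable-forced-sandbox would behave like the second probe for every invocation, with no option needed. Validation of the argument is the fix the commit message says should have been there anyway; the two belong together, since the sandbox only stops the e, r and w commands and does nothing about a payload that merely rewrites the match.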





This bug report was last modified 7 years and 173 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.