[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: problem with relaying



On Thu, Jan 18, 2001 at 03:11:16PM +0300, Eugene Crosser wrote:
> I'd second this.
> "Don't fix it if it ain't broken"
> sh-like language has its problems (notably dangerous variable expansion)
> but it also has advantages.  For example, most admins know it at least
> basically, and very few people are religious about it.
> 
> Eugene

	Like I noted before, "brokennes" is somewhat 'in the eye of
	the beholder'.

	... actually now that I compare code with carefull "don't let
	go of quotes in quoted string" and previous code, following
	test with "sticky quotes" shows near identical behaviour to
	that of previous generation:

z# rtrace
z#  v1=jjjjjjj
    v1=jjjjjjj
z# v2=kkkkk
    v2=kkkkk

	Note here string catenation without quotes around it:

z# v3=$v1:$v2
    v3=jjjjjjj:kkkkk
z# echo $v3
    echo jjjjjjj:kkkkk
jjjjjjj:kkkkk
z# echo $v1 $v2 $v3
    echo jjjjjjj kkkkk jjjjjjj:kkkkk
jjjjjjj kkkkk jjjjjjj:kkkkk
z# x="a b c d"
    x='a b c d'
z# for y in $x;do echo $y;done
    echo a b c d
a b c d
z# for y in $(ifssplit $x);do echo $y;done
    ifssplit (ifssplit 'a b c d') <0>
    echo a
a
    echo b
b
    echo c
c
    echo d
d
    echo `
`
z# 

	Hmm... What is that last one ??
	... oh, I see ... fixed.


	The difference is in that 'for' statement.  Before the implicite
	IFS splitting made first case to work as the second one does below:

	original code:

z# t="a b c d"
z# provide $t
    provide 'a b c d' b c d
        declare provide 'a b c d' b c d
            lreplace (lreplace provide a a) <0>
            lreplace (lreplace provide b b) <0>
            lreplace (lreplace provide c c) <0>
            lreplace (lreplace provide d d) <0>


	'sticky' code:

z# provide $x
    provide 'a b c d'
        declare provide 'a b c d'
            lreplace (lreplace provide 'a b c d' 'a b c d') <0>


	Above the implicite split shows.

	Come to think of it, this means that in function calls with
	position dependent parameter lists the new code means that
	spacefull data at a variable won't spill into wrong position
	in case the call happens without quoting string variables:

		$(funcall $var1 $var2 $var3)

	Following IFS-splitting looks quite ugly:
	(unmodified shell)

z# v1='dom ain';v2='plus tail';q=(1 2 3 4);routeuser $q $v2 $v1
    v1='dom ain'
?=1
    v2='plus tail'
?=1
    q=(1 2 3 4)
?=1
    routeuser (1 2 3 4) 'plus tail' tail 'dom ain' ain
        plustail2=''
        attributes (attributes (1 2 3 4)) <0>
        attr=4
        channel (channel (1 2 3 4)) <0>
        chan=1
        user (user (1 2 3 4)) <0>
        user=3
        key=3


	With 'sticky quotes' the thing looks like:

z# v1='dom ain';v2='plus tail';q=(1 2 3 4);routeuser $q $v2 $v1
    v1='dom ain'
    v2='plus tail'
    q=(1 2 3 4)
    routeuser (1 2 3 4) 'plus tail' 'dom ain'
        plustail2=''
        attributes (attributes (1 2 3 4)) <0>
        attr=4
        channel (channel (1 2 3 4)) <0>


	Ok, with this I am less worried about function bugs leaking in
	by omitting double-quotes from some important spot.
	(Actually even string-catenation 

	I just tried various ways to sneak in back-quotes ( `/bin/pwd` )
	which should cause calling of some (sub) function.  Nothing
	like that happened with non-modified shell.

	Only if the interpreted script has backquotes in it, then they
	cause the usual action (unmodified shell):

z# v1="`/bin/pwd`"; echo $v1
    (what /bin/pwd prints is at v1)
z# v2='`/bin/pwd`'; echo $v2
    v2='`/bin/pwd`'
z# v2='`/bin/pwd`'; v3=$v2; echo $v3
    v2='`/bin/pwd`'
    v3='`/bin/pwd`'
    echo `/bin/pwd`
`/bin/pwd`


	Therefore, the security worry about SMTP-server calling
	router, and feeding there bad input is not very generic.
	Unless the calling interface has a hole (should not),
	backticks are unable to effect anything.

		What have I missed ??

	Experimental SH-diffs are at  ftp://zmailer.org/zmailer/
	(and it isn't still any sort of official FTP site..)

-- 
/Matti Aarnio	<mea@nic.funet.fi>