List: koffice-devel
Subject: Security in kross/ruby (was: Re: koffice/lib/kross)
From: Cyrille Berger <cberger () cberger ! net>
Date: 2005-12-16 22:44:43
Message-ID: 200512162344.43913.cberger () cberger ! net
On Friday 16 December 2005 19:10, you wrote:
> On Friday 16 December 2005 16:20, Cyrille Berger wrote:
> > - add a check in configure for ruby header and if a program embedding a
> > ruby interpreter can be built - activate security in ruby
>
> what's the security implication of this?
I am not sure what you mean by your question, but Sebastian Sauer (main Kross
developer and kexi developer) and I (ruby in kross and krita developer)
are fully aware that security is an important issue for scripting. It's more
of a problem for kexi, as kexi allows embedding of scripts inside files, and krita
will not do it.
For python, kross uses the security manager of zope, but I don't know much
more about it, if you have any questions you will have to ask them to
Sebastian (mail@dipe.org).
So for ruby, the interpreter includes some security features (I don't know if
they are sufficient), there are 5 levels:
safelevel = 0 No checking of the use of externally supplied (tainted) data is
performed. This is Ruby's default mode.
safelevel >= 1 Ruby disallows the use of tainted data by potentially
dangerous operations.
safelevel >= 2 Ruby prohibits the loading of program files from globally
writable locations.
safelevel >= 3 All newly created objects are considered tainted.
safelevel >= 4 Ruby effectively partitions the running program in two.
Nontainted objects may not be modified. Typically, this will be used to
create a sandbox: the program sets up an environment using a lower $SAFE
level, then resets $SAFE to 4 to prevent subsequent changes to that
environment.
In ruby "taint" means that an object is of an unreliable origin, I mean, for
instance data that comes from kexi or krita would be considered as untainted.
And in the maximum level of security, the script's access to files is
restricted to what kexi/krita/anyotherapp authorise.
More can be found at http://www.rubycentral.com/book/taint.html.
My only concern is that a script can change the $SAFE value, and I need to
know how to prevent that, or to check that a script can't set a lower value
of $SAFE.
And, by the way, as you may have noted, the safety level is currently set
to 0 (meaning totally unsafe), but will be raised to 4 by default in the final
release, the user might be offered to change the security level if he wants for
instance to write to a file.
--
--- Cyrille Berger ---
_______________________________________________
koffice-devel mailing list
koffice-devel@kde.org
https://mail.kde.org/mailman/listinfo/koffice-devel