rejetto forum
Software => HFS ~ HTTP File Server => Bug reports => Topic started by: Mars on February 09, 2010, 12:11:53 PM
-
[special:alias]
get={:set item|/|hide tree=1|comment=you should never see this!:}
add this section into your template and open your browser with root.
The problem appears because alias can replace the macro existing, the only means to avoid an impersonation is to apply alias only when no macro valid corresponds.
function cbMacros(fullMacro:string; pars:Tstrings; cbData:pointer):string;
label exitCbMacros;
var
md: ^TmacroData;
name, p: string;
....
if pars.Count < 1 then goto exitCbMacros; // from here, only macros with parameters
....
if pars.Count < 2 then goto exitCbMacros; // from here, only macros with parameters
....
if pars.Count < 3 then goto exitCbMacros; // from here, only macros with parameters
....
if pars.Count < 4 then goto exitCbMacros; // from here, only macros with parameters
if name = 'for' then
for_();
exitCbMacros:
// begin moved inside CbMacros
// handle aliases
if assigned(md.aliases) then
begin
s:=md.aliases.values[name];
if s > '' then
begin
if not AnsiStartsStr(MARKER_OPEN, s) then
s:=MARKER_OPEN+s+MARKER_CLOSE;
call(s, 0);
exit;
end;
end;
// end moved inside CbMacros
finally
if mainfrm.macrosLogChk.checked then
appendFile(MACROS_LOG_FILE, TAB+'> '+fullMacro+CRLF+TAB+'< '+result+CRLF+CRLF)
end;
except
if mainfrm.macrosLogChk.checked then
appendFile(MACROS_LOG_FILE, TAB+'> '+fullMacro+CRLF+TAB+'< Exception, please report this bug on www.rejetto.com/forum/'+CRLF+CRLF);
result:='';
end;
end; // cbMacros
-
if you run a script you don't trust, it may destroy the files on your hard disk.
scripts must be trusted.
so, i don't see your case as a problem. i see it instead as a possible tool: if you want to disable a specific command temporarily, you can.
-
so, i don't see your case as a problem. i see it instead as a possible tool: if you want to disable a specific command temporarily, you can.
I see in your choice as a fault of possible safety(security), if by publishing(editing) a template we are not careful to verify that alias do not replace macro in a illicit way (by hostility), then I cannot trust to a tpl. I do not believe that even there php it is possible.
Alias is there not to have to use the variables of type {.set|alias|{: $1 $2 $3 ... $40:}.}with {.^alias.} , the macro existing have to keep their primary function but not be surchargeables.
I did not verify, but is not there also a risk of recursion with alias?
[special:alias]
recur=recur|hello $1 -->>>> {.recur|rejetto.} --->>'infinite loop'
but this work correctly
[special:alias]
recur=recur|hello -->>>> {.recur|rejetto.} ---->>>>>> hello
{.recur|rejetto.}
-
i remember having put a check to avoid infinite recursion. i hope it's working :P
I see in your choice as a fault of possible safety(security), if by publishing(editing) a template we are not careful to verify that alias do not replace macro in a illicit way (by hostility), then I cannot trust to a tpl.
i don't fully understand your trust problem.
any script/template can destroy your hard disk and send personal data over the network to your attacker.
and all of this without replacing any existing macro.
macros ARE dangerous if written by someone else.
that's why i tried to restrict where the macros can come from.
how can you say that we would be safer than this if "replacing" was not allowed ?
sounds like making a car safer by wearing a sweater.