Sandbox implementation, attempt #2
- Subject: Sandbox implementation, attempt #2
- From: "David F" <kumpuu@...>
- Date: 19 Mar 2017 02:56:17 +0100
On 19/03/17 02:27 AM, Kat Kioo wrote:
> In general you should just remove the functions at compile time instead of removing at runtime in the VM. Another thing that you might consider a security issue is your makeSafePath function. In general it is not as simple as a few regex replaces.
 
Not really sure how to imagine the first part. Sounds complicated.
makeSafePath does not use regex. It checks for a relative path that escapes its parent directory (".."); if it doesn't, the user dir is prefixed and the result returned. I tried finding out if there is anything else special going on with paths under Windows, but the best I could find was an MSDN article that didn't reveal anything new. When fed with an absolute path the function should return an invalid path. I'll probably do a check for that and just return nil.
--David
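
The checks discussed in this message, as an added Lua example that is not David's makeSafePath or any other code from the thread: a hypothetical `make_safe_path` that returns nil for ".." segments and absolute paths, and goes beyond the message by also rejecting the Windows drive-letter, UNC and backslash-separated forms. It is a purely lexical check and assumes the user directory contains no symlinks or junctions; the `userdata` directory and the sample inputs are constructed.

```lua
-- Added example (hypothetical helper, not code from the thread).
-- Lexically confines a user-supplied relative path under user_dir.
-- Returns the prefixed path, or nil plus a reason.
local function make_safe_path(user_dir, path)
  if type(path) ~= "string" or path == "" then
    return nil, "empty path"
  end
  -- An embedded NUL would truncate the name once it reaches the C runtime.
  if path:find("\0", 1, true) then
    return nil, "embedded NUL"
  end
  -- Windows accepts both separators, so normalise before inspecting segments.
  local p = path:gsub("\\", "/")
  -- Leading separator: POSIX absolute, Windows root-relative, or UNC (//host).
  if p:sub(1, 1) == "/" then
    return nil, "absolute or UNC path"
  end
  -- A colon covers "C:/x", drive-relative "C:x" and NTFS "file:stream".
  if p:find(":", 1, true) then
    return nil, "drive letter or stream"
  end
  local parts = {}
  for seg in p:gmatch("[^/]+") do
    if seg == ".." then
      return nil, "parent traversal"
    end
    if seg ~= "." then
      -- Win32 strips trailing dots and spaces, so such a segment
      -- does not name what it appears to name.
      if seg:find("[%. ]$") then
        return nil, "trailing dot or space"
      end
      parts[#parts + 1] = seg
    end
  end
  if #parts == 0 then
    return nil, "no file name"
  end
  return user_dir .. "/" .. table.concat(parts, "/")
end

-- Constructed inputs: legitimate paths and the cases discussed above.
for _, input in ipairs({ "saves/slot1.dat", "./a//b/.", "../secret",
                         "a\\..\\..\\b", "/etc/passwd", "C:\\Windows\\win.ini",
                         "\\\\host\\share\\f", "notes.txt:hidden", "a/.. /b" }) do
  local result, err = make_safe_path("userdata", input)
  print(("%-22s -> %s"):format(input, result or ("nil (" .. err .. ")")))
end
```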