[Erbot-cvs] erbot erbc2.el erbc5.el erbot.el ChangeLog
From: |
D. Goel |
Subject: |
[Erbot-cvs] erbot erbc2.el erbc5.el erbot.el ChangeLog |
Date: |
Mon, 27 Feb 2006 21:32:54 +0000 |
CVSROOT: /cvsroot/erbot
Module name: erbot
Branch:
Changes by: D. Goel <address@hidden> 06/02/27 21:32:54
Modified files:
. : erbc2.el erbc5.el erbot.el ChangeLog
Log message:
SECURITY FIX!! TO FS-APPLY AND FS-FUNCALL.
Also, add new variable erbot-paranoid-p meant as a catchall for
security.
This one variable, when non-nil (the default), will disable each and
every potentially funny add-on afterthought to the bot, like setf,
apply, funcall, sregex, even if those functions have been individually
turned on using their respective controlling variables.
From now on, fsbot will have this variable t as well, which means no
more apply or funcall. The basic sandboxing 'eval still remains. What
this change does is turn off all specially programmed afterthoughts
like setf
and apply.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/erbot/erbot/erbc2.el.diff?tr1=1.24&tr2=1.25&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/erbot/erbot/erbc5.el.diff?tr1=1.17&tr2=1.18&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/erbot/erbot/erbot.el.diff?tr1=1.47&tr2=1.48&r1=text&r2=text
http://cvs.savannah.gnu.org/viewcvs/erbot/erbot/ChangeLog.diff?tr1=1.37&tr2=1.38&r1=text&r2=text
Patches:
Index: erbot/ChangeLog
diff -u erbot/ChangeLog:1.37 erbot/ChangeLog:1.38
--- erbot/ChangeLog:1.37 Mon Feb 27 02:56:12 2006
+++ erbot/ChangeLog Mon Feb 27 21:32:54 2006
@@ -1,3 +1,14 @@
+2006-02-27 D Goel <address@hidden>
+
+ * erbc2.el (fs-apply): SECURITY FIX! Also, disable when
+ paranoid. Ditto for funcall.
+
+ * erbot.el (erbot-paranoid-p): Make this new variable a catchall
+ for security. t by default. No enablings like erbot-setf-p,
+ etc. will work unless this is non-nil. If this is non-nil, erbot
+ is paranoid, it will not allow apply, setf, funcall, sregex,
+ etc. even if the corresponding variables are turned on.
+
2006-02-26 Michael Olson <address@hidden>
* erbc.el (fs-flame): Concat multiple arguments together to form
@@ -81,7 +92,7 @@
2005-10-05 D Goel <address@hidden>
* erbot.el (erbot-join-servers): `erc-compute-port' seems to be
- undefined for my older ERC (4.0 $Revision: 1.37 $). So, I
+ undefined for my older ERC (4.0 $Revision: 1.38 $). So, I
reverted to old behavior when it is undefined. Did I do it right?
2005-10-05 Michael Olson <address@hidden>
Index: erbot/erbc2.el
diff -u erbot/erbc2.el:1.24 erbot/erbc2.el:1.25
--- erbot/erbc2.el:1.24 Fri Sep 2 19:24:59 2005
+++ erbot/erbc2.el Mon Feb 27 21:32:54 2006
@@ -1,5 +1,5 @@
;;; erbc2.el --- mostly: special functions for erbc.el
-;; Time-stamp: <2005-09-02 14:34:33 deego>
+;; Time-stamp: <2006-02-27 16:14:49 deego>
;; Copyright (C) 2003 D. Goel
;; Emacs Lisp Archive entry
;; Filename: erbc2.el
@@ -123,6 +123,8 @@
(defmacro fs-apply (fcnsym &rest args)
""
+ (when erbot-paranoid-p
+ (error "This function is disabled: erbot-paranoid-p"))
(unless fcnsym (error "No function to fs-apply!"))
(let (erbn-tmpargs
(erbn-tmplen (length args))
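Review bot: The new guard at the top of fs-apply runs when the macro is expanded, not when the expansion is executed, so it protects forms that are macroexpanded freshly on each evaluation (which appears to be how bot input is handled) but would be baked out of any fs-apply call that is macroexpanded or byte-compiled once while erbot-paranoid-p is nil and executed later; whether that can happen here is not visible in the hunk, so please confirm. If the expansion-time check is intended, the empty docstring `""` on the line above should say so, e.g. `"Apply FCNSYM to ARGS inside the sandbox.  Signals an error when `erbot-paranoid-p' is non-nil; that check happens at macro-expansion time."`. erbot-paranoid-p is defvar'd in erbot.el rather than in this file, so a standalone load of erbc2.el would hit a void-variable error here; that still fails closed, but a `(defvar erbot-paranoid-p)` declaration would silence the free-variable warning. The rest of fs-apply's body lies outside this hunk.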
@@ -160,52 +162,54 @@
(t (error "No clue how to apply that. ")))
(cond
(erbn-tmpspecialp
- `(apply ,fcnsym nil))
+ `(apply (erblisp-sandbox-quoted ,fcnsym) nil))
(erbn-tmpnoinitialp
- `(apply ,fcnsym ,erbn-tmplastargs))
+ `(apply (erblisp-sandbox-quoted ,fcnsym) ,erbn-tmplastargs))
(t
- `(apply ,fcnsym ,@erbn-tmpargs ,erbn-tmplastargs)))))
+ `(apply (erblisp-sandbox-quoted ,fcnsym) ,@erbn-tmpargs
,erbn-tmplastargs)))))
-(defmacro fs-apply-old (fcnsym &rest args)
- (unless fcnsym (error "No function to fs-apply!"))
- (let (erbn-tmpargs
- (erbn-tmplen (length args))
- erbn-tmpnewargs
- )
- (cond
- ((null args)
- (setq erbn-tmpargs nil))
- (t
- (setq erbn-tmpargs
- (append (subseq args 0 (- erbn-tmplen 1))
- (last args)))))
+;; (defmacro fs-apply-old (fcnsym &rest args)
+;; (error "This function is old.")
+;; (unless fcnsym (error "No function to fs-apply!"))
+;; (let (erbn-tmpargs
+;; (erbn-tmplen (length args))
+;; erbn-tmpnewargs
+;; )
+;; (cond
+;; ((null args)
+;; (setq erbn-tmpargs nil))
+;; (t
+;; (setq erbn-tmpargs
+;; (append (subseq args 0 (- erbn-tmplen 1))
+;; (last args)))))
- (let* (
- (erbn-tmp-newargs (erbn-apply-sandbox-args erbn-tmpargs))
- (erbn-tmp-newlen (length erbn-tmp-newargs)))
- (cond
- ((listp fcnsym)
- (setq fcnsym (erblisp-sandbox-quoted fcnsym)))
- ((symbolp fcnsym)
- (setq fcnsym (erblisp-sandbox-quoted fcnsym)))
- (t (error "No clue how to apply that. ")))
- `(let ((erbn-tmp-avar ,fcnsym))
- (cond
- ((symbolp erbn-tmp-avar)
- (setq erbn-tmp-avar
- (erblisp-sandbox-quoted erbn-tmp-avar)))
- (t "nada"))
- ,(if (= erbn-tmp-newlen 0)
- `(apply erbn-tmp-avar nil)
- `(apply erbn-tmp-avar ,@erbn-tmp-newargs nil))))))
+;; (let* (
+;; (erbn-tmp-newargs (erbn-apply-sandbox-args erbn-tmpargs))
+;; (erbn-tmp-newlen (length erbn-tmp-newargs)))
+;; (cond
+;; ((listp fcnsym)
+;; (setq fcnsym (erblisp-sandbox-quoted fcnsym)))
+;; ((symbolp fcnsym)
+;; (setq fcnsym (erblisp-sandbox-quoted fcnsym)))
+;; (t (error "No clue how to apply that. ")))
+;; `(let ((erbn-tmp-avar ,fcnsym))
+;; (cond
+;; ((symbolp erbn-tmp-avar)
+;; (setq erbn-tmp-avar
+;; (erblisp-sandbox-quoted erbn-tmp-avar)))
+;; (t "nada"))
+;; ,(if (= erbn-tmp-newlen 0)
+;; `(apply erbn-tmp-avar nil)
+;; `(apply erbn-tmp-avar ,@erbn-tmp-newargs nil))))))
+
(defmacro fs-funcall (symbol &rest args)
`(fs-apply ,symbol ,@args nil))
-;; hm, WTF is this? Was it me? silly me.. Why did I do this??
+;; hm, what is this? Was it me? silly me.. Why did I do this??
(defalias 'fs-function 'identity)
(defvar erbn-read-mode nil)
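Review bot: The three rewritten expansions now sandbox only the function position via `(erblisp-sandbox-quoted ,fcnsym)`, while `,@erbn-tmpargs` and `,erbn-tmplastargs` are spliced in as they were built; the removed fs-apply-old ran its argument list through `erbn-apply-sandbox-args` first, and the code that now constructs erbn-tmpargs/erbn-tmplastargs lies before this hunk, so please confirm the arguments are still sandboxed somewhere on that path. The commented-out copy of fs-apply-old (the `;; (defmacro fs-apply-old ...` run) is dead text that CVS already preserves; deleting it outright would keep the file shorter and avoid a reader mistaking it for a live fallback. fs-funcall relies entirely on fs-apply's new checks through `(fs-apply ,symbol ,@args nil)`, which is fine but worth a one-line comment such as `;; Inherits the erbot-paranoid-p check and sandboxing from fs-apply.`. The enclosing fs-apply macro starts before this hunk.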
Index: erbot/erbc5.el
diff -u erbot/erbc5.el:1.17 erbot/erbc5.el:1.18
--- erbot/erbc5.el:1.17 Tue Jan 10 15:34:16 2006
+++ erbot/erbc5.el Mon Feb 27 21:32:54 2006
@@ -1,5 +1,5 @@
;;; erbc5.el --- continuation of erbc.el
-;; Time-stamp: <2006-01-10 10:28:14 deego>
+;; Time-stamp: <2006-02-27 16:10:14 deego>
;; Copyright (C) 2003 D. Goel
;; Emacs Lisp Archive entry
;; Filename: erbc5.el
@@ -123,7 +123,7 @@
which is why turned off by default.
"
- (unless erbn-calc-p
+ (unless (and erbn-calc-p (not erbot-paranoid-p))
(error "Sorry, but i am a bot! not a calc!"))
(unless str (error "Eval what?"))
(unless (stringp str)
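Review bot: The gate `(and erbn-calc-p (not erbot-paranoid-p))` is now spelled out by hand here, again in fsi-sregex below, and once more in erbot.el around the erbot-install-setf call; a single helper next to the erbot-paranoid-p defvar, e.g. `(defun erbot-feature-enabled-p (flag) (and flag (not erbot-paranoid-p)))`, would keep the policy in one place so a future "paranoid" rule is not missed in one of the copies. When the calc is refused because of paranoid mode the error still reads `"Sorry, but i am a bot! not a calc!"`, which gives an operator no hint that erbot-paranoid-p is the cause; fs-apply's new message names the variable and this one could do the same. The enclosing function begins before this hunk.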
@@ -150,7 +150,7 @@
(defun fsi-sregex (&rest args)
(cond
- (erbn-sregex-p
+ ((and erbn-sregex-p (not erbot-paranoid-p))
(apply 'sregex args))
(t
(error "sregexp is disabled in this bot. "))))
Index: erbot/erbot.el
diff -u erbot/erbot.el:1.47 erbot/erbot.el:1.48
--- erbot/erbot.el:1.47 Sun Jan 1 09:35:06 2006
+++ erbot/erbot.el Mon Feb 27 21:32:54 2006
@@ -1,5 +1,5 @@
;;; erbot.el --- Another robot for ERC.
-;; Time-stamp: <2006-01-01 04:23:03 deego>
+;; Time-stamp: <2006-02-27 16:18:58 deego>
;; Emacs Lisp Archive entry
;; Filename: erbot.el
;; Package: erbot
@@ -121,6 +121,19 @@
(defalias 'erc-replace-regexp-in-string 'replace-regexp-in-string)
+(defvar erbot-paranoid-p t
+ " Meant as a CATCHALL for security. Setting this variable to non-nil
+should disable most features. When non-nil, all potentially funny
+functions are disabled. We think these functions are safe, but we
+disable them in any case.
+
+
+t by default. No enablings like erbot-setf-p, etc. will work
+unless this is non-nil. If this is non-nil, erbot is paranoid, it will
+not allow apply, setf, funcall, sregex, etc. even if the corresponding
+variables are turned on.")
+
+
(defun erbot-commentary ()
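Review bot: The new docstring contradicts itself: the first paragraph says a non-nil value disables the features, but the second says `No enablings like erbot-setf-p, etc. will work unless this is non-nil`, which is the opposite of what the checks in erbc5.el and erbot.el do; it should read `No enablings like erbot-setf-p, etc. will work unless this is nil.` so that the next maintainer does not invert the sense of the flag. The same wording appears in the ChangeLog entry, which may be where it was copied from. Minor style: the docstring opens with a stray leading space (`" Meant`) and contains two consecutive blank lines, which Emacs' documentation conventions discourage.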
@@ -697,7 +710,8 @@
'erbot-autojoin-channels))
)
(erbot-install-symbols)
- (when erbot-setf-p (erbot-install-setf))
+ (when (and erbot-setf-p (not erbot-paranoid-p))
+ (erbot-install-setf))
)
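Review bot: The setf gate `(when (and erbot-setf-p (not erbot-paranoid-p)) (erbot-install-setf))` is evaluated once at install time, whereas the apply, funcall, calc and sregex gates in this commit are evaluated on every call; if erbot-install-setf defines commands that persist (its body is not visible here), flipping erbot-paranoid-p to t in a running bot will not disable setf the way it disables the others, so either the setf command itself should also check the flag or this asymmetry should be documented. A comment such as `;; Install-time check: changing erbot-paranoid-p later does not uninstall setf.` would make the difference explicit. The enclosing function starts before this hunk.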