couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Candler <B.Cand...@pobox.com>
Subject Security implications of erlview
Date Tue, 18 Aug 2009 15:27:37 GMT
Now that erlang views are included in couchdb - even though the .ini file
doesn't enable them by default and the server is bound to 127.0.0.1 - it
might be worth adding a red flag about the security issues. As far as I can
see there is no sandboxing, e.g. the following runs quite happily:

$ curl -X POST -d '{"language":"erlang","map":"fun({Doc}) -> F = fun(Port) -> receive
{Port, {data, Data}} -> Emit(null, list_to_binary(Data)) end end, F(open_port({spawn, \"/bin/ls
/tmp\"}, [stream])) end."}' 'http://127.0.0.1:5984/zzz/_temp_view'

So in effect, access to _temp_view is the same as giving shell access to the
box as the couchdb user. So it's necessary at least to configure access
controls to prevent non-admin users from accessing _temp_view and updating
_design docs.

Regards,

Brian.

Mime
View raw message