couchdb-dev mailing list archives

From "Paul Joseph Davis (JIRA)" <>
Subject [jira] Updated: (COUCHDB-622) erlview sandboxing via parse transform
Date Sat, 09 Oct 2010 01:18:59 GMT


Paul Joseph Davis updated COUCHDB-622:

    Skill Level: New Contributors Level (Easy)

> erlview sandboxing via parse transform
> --------------------------------------
>                 Key: COUCHDB-622
>                 URL:
>             Project: CouchDB
>          Issue Type: Improvement
>            Reporter: Brian Candler
>            Priority: Minor
> I'm just adding this ticket so I don't forget about it.
> It's possible to improve the safety of the native erlang view server, just by doing a
> simple walk of the parsed abstract form. I think all we need to do is forbid calls to functions
> in all external modules m:f(), except for whitelisted modules (e.g. io_lib, lists) or specific
> functions. We also need a whitelist of BIFs.
> Some care may be needed for imported functions - check if they are already expanded to
> m:f() in the abstract form, or remain as f().
> My main concern is preventing things like os:cmd(). There are also many possible DoS
> attacks, like atom exhaustion or spawning infinite numbers of processes. However, most view
> definitions aren't going to need spawn() or list_to_atom(). A configurable whitelist could
> be very tight by default, but still allow admins to allow any specific functions they need.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
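As an added illustration of the abstract-form walk the ticket proposes (this is not code from the ticket or from CouchDB), the module below parses a view function, rejects remote calls `m:f(...)` to modules outside a whitelist and local calls to BIFs outside a second whitelist, and also catches `fun m:f/a` and `fun f/a` references that would otherwise slip past a call-only check. The module name and both whitelists are assumptions chosen for the example.

```erlang
%% Added example, not CouchDB code: statically check the abstract form of a
%% view function and reject calls outside a module/BIF whitelist. The module
%% name and the whitelist contents are assumptions for illustration.
-module(view_sandbox).
-export([check_source/1, check_forms/1]).

-define(ALLOWED_MODULES, [lists, io_lib, string, proplists]).
%% Local calls not listed here (spawn/1, list_to_atom/1, apply/3, ...) are rejected.
-define(ALLOWED_BIFS, [{length,1}, {hd,1}, {tl,1}, {element,2}, {tuple_size,1},
                       {is_list,1}, {is_binary,1}, {integer_to_list,1}]).

%% Scan and parse a view fun given as a string ending in ".", then check it.
check_source(Source) ->
    {ok, Tokens, _} = erl_scan:string(Source),
    {ok, Exprs} = erl_parse:parse_exprs(Tokens),
    check_forms(Exprs).

%% ok, or {error, Violations} listing every offending call or fun reference.
check_forms(Forms) ->
    case lists:usort(walk(Forms)) of
        []         -> ok;
        Violations -> {error, Violations}
    end.

%% Remote call m:f(...) with literal module and function: whitelist the module.
walk({call, _, {remote, _, {atom, _, M}, {atom, _, F}}, Args}) ->
    module_check(M, {remote_call, M, F, length(Args)}) ++ walk(Args);
%% Module or function computed at runtime: cannot be checked statically, reject.
walk({call, _, {remote, _, _, _}, Args}) ->
    [dynamic_remote_call | walk(Args)];
%% Local call f(...): a view fun defines no local functions, so this is a BIF
%% (or an import the compiler already rewrote); check it against the BIF list.
walk({call, _, {atom, _, F}, Args}) ->
    bif_check({F, length(Args)}, {local_call, F, length(Args)}) ++ walk(Args);
%% fun m:f/a and fun f/a would otherwise smuggle a reference past the call checks.
walk({'fun', _, {function, {atom, _, M}, _, _}}) ->
    module_check(M, {remote_fun_ref, M});
walk({'fun', _, {function, _, _, _}}) ->
    [dynamic_remote_fun_ref];
walk({'fun', _, {function, F, A}}) ->
    bif_check({F, A}, {local_fun_ref, F, A});
%% Every other node: recurse into tuples and lists, ignore leaves.
walk(T) when is_tuple(T) -> walk(tuple_to_list(T));
walk(L) when is_list(L)  -> lists:flatmap(fun walk/1, L);
walk(_)                  -> [].

module_check(M, Violation) ->
    case lists:member(M, ?ALLOWED_MODULES) of true -> []; false -> [Violation] end.

bif_check(FA, Violation) ->
    case lists:member(FA, ?ALLOWED_BIFS) of true -> []; false -> [Violation] end.
```

Pass the view function's source text, including its terminating dot, to `check_source/1`; the whitelists are deliberately tight so that an admin extends them per deployment rather than the default permitting more than views need.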
