[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Plash] Use Case Plash
From: |
Mark Seaborn |
Subject: |
Re: [Plash] Use Case Plash |
Date: |
Wed, 15 Oct 2008 15:59:58 +0100 (BST) |
Gregory Tappero <address@hidden> wrote:
> I am new to plash and i was wondering if the following use case is a
> good fit for plash.
> I would like to put Gnuplot as component of a webservice without the
> potentially dangerous system calls, as gnuplot > system 'rm -rf /' or
> other havocs.
That sounds like a good use case. If Gnuplot turns out to have
vulnerabilities which are exploited by an attacker, the attacker
should only get access to whatever Gnuplot has been granted access to.
Gnuplot is quite old and written in C so I would not be surprised if
it has buffer overrun vulnerabilities.
A caveat is that Plash does not yet restrict access to the network so
a successful attacker could connect to hosts inside your firewall.
Mark