[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Plash] Use Case Plash
From: |
John McCabe-Dansted |
Subject: |
Re: [Plash] Use Case Plash |
Date: |
Thu, 16 Oct 2008 09:13:44 +0700 |
On Wed, Oct 15, 2008 at 9:59 PM, Mark Seaborn <address@hidden> wrote:
> Gregory Tappero <address@hidden> wrote:
>
>> I am new to plash and i was wondering if the following use case is a
>> good fit for plash.
>> I would like to put Gnuplot as component of a webservice without the
>> potentially dangerous system calls, as gnuplot > system 'rm -rf /' or
>> other havocs.
>
> That sounds like a good use case. If Gnuplot turns out to have
> vulnerabilities which are exploited by an attacker, the attacker
> should only get access to whatever Gnuplot has been granted access to.
> Gnuplot is quite old and written in C so I would not be surprised if
> it has buffer overrun vulnerabilities.
Gnuplot is insecure by design. I understand that the maintainers are
not even interested in creating a secure version. Verifying Gnuplot is
almost as hard as C, see e.g.
http://www.ma.utexas.edu/pipermail/maxima/2007/005614.html
There was a discussion of adding Gnuplot to LyX but it was rejected
due to the security issues. Plash would have helped somewhat but LyX
is multiplatform. There was a suggestion that using something like
systrace to block the exec syscall might have helped.
--
John C. McCabe-Dansted
PhD Student
University of Western Australia