
Hi Duncan,

I'd highly recommend using something like mueval: http://hackage.haskell.org/package/mueval

In the setup you suggested, a malicious user can:

1) execute other processes (to create a remote shell using nc, or to try to exploit suid binaries),
2) do any network IO (to send spam for example),
3) read files readable to all users (kind of obvious, but /etc/passwd can be read by anyone on the system -- attackers can learn who uses the system, what services are running),
4) it allows access to the loopback interface, which makes it very hard to firewall it properly.

And this is only the stuff that came to my mind in 5 minutes. Basically this setup is like giving anyone access to a shell.

Cheers,
Mateusz

On Thu, Feb 13, 2014 at 08:29:31AM +0000, Duncan Rowland wrote:
Dear All,
New to Haskell, so this might be obvious, but...
I'm setting up a gallery installation (OSX) that exposes a command-line Haskell to the visitors. The process is run as user 'nobody', so hopefully that will be a bit safer, i.e.
cat visitor_commands_pipe | sudo -u nobody ghci -XOverloadedStrings
But my questions are:

1) what sort of damage could a malicious user do to my system by entering commands into the pipe?
2) what should I do to protect my system?

I can filter the user commands as I like, but I do not want to run 'in a webpage'.
Thanks in advance,
-Duncan.

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
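
Added example, not written by either poster: a shell audit of two of the exposures listed in the reply, setuid/setgid binaries (point 1) and world-readable files (point 3), under a given directory tree. The function names are hypothetical, and the check looks at file mode bits only, so it gives an upper bound on what an account such as 'nobody' can reach.

```shell
#!/bin/sh
# Added example: audit a directory tree for files that an unprivileged
# account (for example 'nobody') could abuse or read.
# Assumption: only mode bits are inspected; ACLs and the permissions of
# parent directories are not evaluated, so the result is an upper bound.

# Regular files with the setuid or setgid bit set (reply, point 1).
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Regular files readable by "other" (reply, point 3).
list_world_readable() {
    find "$1" -xdev -type f -perm -004 -print 2>/dev/null | sort
}

# One-line summary suitable for a periodic hardening check.
exposure_summary() {
    setid=$(list_setid "$1" | wc -l | tr -d ' ')
    readable=$(list_world_readable "$1" | wc -l | tr -d ' ')
    printf 'setid=%s world_readable=%s\n' "$setid" "$readable"
}

# When called with a directory argument, print the summary and both lists.
if [ "$#" -gt 0 ]; then
    exposure_summary "$1"
    echo "--- setuid/setgid files ---"
    list_setid "$1"
    echo "--- world-readable files ---"
    list_world_readable "$1"
fi
```

Run it against the directories the installation actually needs; anything it lists that the visitor-facing process has no reason to touch is a candidate for tighter permissions or removal.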