Brewster Kahle <brewster@Think.COM> writes:
*
* Scott,
*
* There seems to be a problem with swais, could you please explain?
*
* We have been running it under a chroot for over a year now with no known
* problems. I am the project leader of WAIS and oversaw its development, so
* I would like to make sure this problem is understood and extinguished.
*
* John Curran of NNSC wrote the original version, Jonathan has been the
* maintainer of it and extender.
*
* Just to take a guess, are you running it for public login without doing a
* chroot?
*
* -brewster

Hi all,

Mark Kosters from GSI notified us of the problem. Using swais you can pipe
the output of a search into any command. You can do this by typing 'c' or
'|' on the output of a search. Since we are running swais as a public
service for people without their own wais client this can be quite harmful.
Mark demonstrated that he could start a shell, list /etc/passwd and so on.
We are running swais under userID nobody, so too much harm cannot be done,
but still, we decided to disable the 'c' and '|' keys as commands. We are
running the thing without a chroot though.

The offending parts can be found in screen_ui.c. This is however with
wais-8-b4, don't know about b5. Commenting out:

    case '|' : ;
    case 'c' :
      pipe_command(question);
      state=UNKNOWN;
      return(SHOWRESULTS);

in screen_ui.c does the trick, as far as we can see. It would be nice if
there was a compile time option to switch to swais in "safe" mode, like
some pagers have.

Also if you are offering this as a public service, make sure that the pipe
commands and shell escapes in the pager swais uses are disabled ...

Cheers,

-Marten

------------------------------------------------------------------------------
Marten Terpstra                    | RIPE Network Coordination Centre
phone: +31 20 592 5065             | PO BOX 41882,
fax:   +31 20 592 5090             | NL-1098 SJ Amsterdam,
Internet: marten@ripe.net          | The Netherlands
------------------------------------------------------------------------------
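
Added example, not part of the original message and not code from the WAIS sources: a sketch of the compile-time "safe" mode the message asks for, plus the pager hardening it mentions. SAFE_MODE, IGNORED, handle_result_key and harden_pager_env are hypothetical names, pipe_command here is a stand-in, and the pager is assumed to be less(1).

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv() */
#endif
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical build switch (not in the WAIS sources). Defaults to 1 so a
 * public build fails closed; a trusted install compiles with -DSAFE_MODE=0. */
#ifndef SAFE_MODE
#define SAFE_MODE 1
#endif

enum ui_state { SHOWRESULTS, IGNORED };  /* IGNORED is an illustrative state */
static int pipe_calls = 0;               /* call counter, for the demo only */

/* Stand-in for the real routine, which hands the search result to a command
 * typed by the user. */
void pipe_command(const char *question) { (void)question; pipe_calls++; }

/* Key dispatch for the result screen. In safe mode the pipe keys are not
 * compiled in, so they fall through to the default branch and do nothing. */
enum ui_state handle_result_key(int key, const char *question)
{
    (void)question;
    switch (key) {
#if !SAFE_MODE
    case '|':
    case 'c':
        pipe_command(question);
        return SHOWRESULTS;
#endif
    case ' ':                            /* illustrative harmless key */
        return SHOWRESULTS;
    default:
        return IGNORED;
    }
}

/* The pager is a second way out. Assuming the pager is less(1): LESSSECURE=1
 * disables its shell escape, pipe and editor commands. Returns 0 on success. */
int harden_pager_env(void) { return setenv("LESSSECURE", "1", 1); }

int main(void)
{
    enum ui_state s = handle_result_key('|', "q");
    printf("'|' %s, pipe calls: %d\n", s == IGNORED ? "ignored" : "piped", pipe_calls);
    return harden_pager_env() != 0;
}
```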