From 2c1feccd1736c5535251bc5a7f484b5f2c35b9fc Mon Sep 17 00:00:00 2001 From: hallgren Date: Thu, 3 Mar 2011 15:42:57 +0000 Subject: GF shell restricted mode By setting the environment variable GF_RESTRICTED before starting GF, the shell will be run in restricted mode. This will prevent the GF shell from starting arbitrary system commands (most uses of System.Cmd.system are blocked) and writing arbitrary files (most commands that use writeFile et al are blocked). Restricted mode is intended minimize the potential security risks involved in allowing public access to the GF shell over the internet. It should be used in conjuction with system level protection mechanisms (e.g. file permissions) to make sure that a publicly acessible GF shell does not give access to parts of the system that should not be publicly accessible. --- src/compiler/GF/Command/Commands.hs | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'src/compiler/GF/Command/Commands.hs') diff --git a/src/compiler/GF/Command/Commands.hs b/src/compiler/GF/Command/Commands.hs index 1c4c1377f..bb075798c 100644 --- a/src/compiler/GF/Command/Commands.hs +++ b/src/compiler/GF/Command/Commands.hs @@ -45,7 +45,7 @@ import Data.Binary (encodeFile) import Data.List import Data.Maybe import qualified Data.Map as Map -import System.Cmd +--import System.Cmd(system) -- use GF.Infra.UseIO.restricedSystem instead! import Text.PrettyPrint import Data.List (sort) import Debug.Trace @@ -172,8 +172,8 @@ allCommands env@(pgf, mos) = Map.fromList [ let view = optViewGraph opts let format = optViewFormat opts writeUTF8File (file "dot") grph - system $ "dot -T" ++ format ++ " " ++ file "dot" ++ " > " ++ file format - system $ view ++ " " ++ file format + restrictedSystem $ "dot -T" ++ format ++ " " ++ file "dot" ++ " > " ++ file format + restrictedSystem $ view ++ " " ++ file format return void else return $ fromString grph, examples = [ 
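Review bot: The comment left on the disabled import in the `@@ -45,7` hunk names `GF.Infra.UseIO.restricedSystem`, but the calls added further down use `restrictedSystem`, so a search for the name in the comment finds nothing. Spell it the way the function is spelled: `--import System.Cmd(system) -- use GF.Infra.UseIO.restrictedSystem instead!`. As long as no other import brings `system` into scope, the commented-out import is what keeps an unguarded `system` call from compiling in this module, so the pointer to the replacement should be exact.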
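Review bot: In the `@@ -172,8` hunk the line `writeUTF8File (file "dot") grph` stays as unguarded context, while the same line in the hunks at 843, 884 and 929 becomes `restricted $ writeUTF8File ...`. If `restricted` refuses the action in restricted mode, as the commit message describes, this one command can still write its dot file before `restrictedSystem` is reached. Wrap it like the others: `restricted $ writeUTF8File (file "dot") grph`. The definition of `file` and the enclosing `if` start outside the hunk, so the file name cannot be checked from here.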
@@ -769,9 +769,9 @@ allCommands env@(pgf, mos) = Map.fromList [ exec = \opts arg -> do let tmpi = "_tmpi" --- let tmpo = "_tmpo" - writeFile tmpi $ toString arg + restricted $ writeFile tmpi $ toString arg let syst = optComm opts ++ " " ++ tmpi - system $ syst ++ " <" ++ tmpi ++ " >" ++ tmpo + restrictedSystem $ syst ++ " <" ++ tmpi ++ " >" ++ tmpo s <- readFile tmpo return $ fromString s, flags = [ @@ -843,9 +843,9 @@ allCommands env@(pgf, mos) = Map.fromList [ let file s = "_grphd." ++ s let view = optViewGraph opts let format = optViewFormat opts - writeUTF8File (file "dot") grphs - system $ "dot -T" ++ format ++ " " ++ file "dot" ++ " > " ++ file format - system $ view ++ " " ++ file format + restricted $ writeUTF8File (file "dot") grphs + restrictedSystem $ "dot -T" ++ format ++ " " ++ file "dot" ++ " > " ++ file format + restrictedSystem $ view ++ " " ++ file format return void else return $ fromString grphs, examples = [ @@ -884,9 +884,9 @@ allCommands env@(pgf, mos) = Map.fromList [ let file s = "_grph." ++ s let view = optViewGraph opts let format = optViewFormat opts - writeUTF8File (file "dot") grph - system $ "dot -T" ++ format ++ " " ++ file "dot" ++ " > " ++ file format - system $ view ++ " " ++ file format + restricted $ writeUTF8File (file "dot") grph + restrictedSystem $ "dot -T" ++ format ++ " " ++ file "dot" ++ " > " ++ file format + restrictedSystem $ view ++ " " ++ file format return void else return $ fromString grph, examples = [ 
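Review bot: The result of `restrictedSystem` is discarded in the `@@ -769,9` hunk and `s <- readFile tmpo` runs directly after it, so when the command is refused or fails the read either raises a file error or returns whatever an earlier run left in `_tmpo`. How `restrictedSystem` reports a refusal is not visible here; if it returns an `ExitCode` as `system` does, bind it with `code <- restrictedSystem $ syst ++ " <" ++ tmpi ++ " >" ++ tmpo` and return an error message instead of reading `tmpo` when `code` is not `ExitSuccess`. The same discarded result occurs in the `dot` and viewer calls of the hunks at 172, 843, 884 and 929, where it matters less because nothing is read back. The `exec` field continues outside the hunk.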
@@ -929,9 +929,9 @@ allCommands env@(pgf, mos) = Map.fromList [ let file s = "_grph." ++ s let view = optViewGraph opts let format = optViewFormat opts - writeUTF8File (file "dot") grph - system $ "dot -T" ++ format ++ " " ++ file "dot" ++ " > " ++ file format - system $ view ++ " " ++ file format + restricted $ writeUTF8File (file "dot") grph + restrictedSystem $ "dot -T" ++ format ++ " " ++ file "dot" ++ " > " ++ file format + restrictedSystem $ view ++ " " ++ file format return void else return $ fromString grph, examples = [ @@ -955,8 +955,8 @@ allCommands env@(pgf, mos) = Map.fromList [ exec = \opts arg -> do let file = valStrOpts "file" "_gftmp" opts if isOpt "append" opts - then appendFile file (toString arg) - else writeUTF8File file (toString arg) + then restricted $ appendFile file (toString arg) + else restricted $ writeUTF8File file (toString arg) return void, options = [ ("append","append to file, instead of overwriting it") -- cgit v1.2.3
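Review bot: In the `@@ -955,8` hunk the guard is repeated in each branch of the `if`, so a branch added later is unguarded unless its author remembers the wrapper. Applying it once to the whole expression makes the write path deny-by-default: `restricted $ if isOpt "append" opts then appendFile file (toString arg) else writeUTF8File file (toString arg)`. This assumes both branches have the same `IO` type, which the existing `if` already requires. The `file` path comes from the `file` option, so this guard is the only check between the shell user and the file system in this command.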