hoodwink.d enhanced


DRb & instance_eval #

by why in inspect

There is a nice, little, documented security hole in DRb. Hopefully this’ll help us all remember the importance of $SAFE in our lives.

The DRb manual illustrates with the following code:

 ro = DRbObject::new_with_uri("druby://your.server.com:8989")
 class << ro
   undef :instance_eval  # force call to be passed to remote object
 ro.instance_eval("`rm -rf *`")

So this nugget exposes the unflavoured DRb service to injection of any arbitrary code. Many of you would probably question the legitimacy of leaving a hole like this open. But see: the answer is to give $SAFE = 1, which can’t be a default, can it?

So, if you’re out tinkering with DRb: untaint wisely.

said on 31 Dec 2004 at 16:34
I think the answer should be having DRb::MinimumObject and letting services and undumped Objects inherit from it. Those would then automatically not have any dangerous methods.
said on 08 Feb 2005 at 08:43

oops! I found it now.

Comments are closed for this entry.