po/doc: more security research results
Apart from the fuzzing part, I'm done with what I can do without help. The "Running po4a on untrusted content" section needs at least a quick glance from an experienced Perl programmer.

Signed-off-by: intrigeri <intrigeri@boum.org>

master
parent a7d329c173
commit e397888a77
@ -281,14 +281,19 @@ an initial goal, and analysing in detail the possible issues.
##### Locale::Po4a modules
##### Locale::Po4a modules
- the modules we want to use have to be checked, as not all are safe
The modules we want to use have to be checked, as not all are safe
(e.g. the LaTeX module's behaviour is changed by commands included
(e.g. the LaTeX module's behaviour is changed by commands included in
in the content); they may use regexps generated from the content; we
the content); they may use regexps generated from the content.
currently only use the `Text` module
- the `Text` module does not run any external program
`Chooser.pm` only loads the plugin we tell it too: currently, this
- check that no module is loaded by `Chooser.pm`, when we tell it to
means the `Text` module only.
load the `Text` one
- `nsgmls` is used by `Sgml.pm`
`Text` module (I checked the CVS version):
- it does not run any external program
- only `do_paragraph()` builds regexp's that expand untrusted
variables; they seem safe to me, but someone more expert than me
will need to check. Joey?
##### Text::WrapI18N
##### Text::WrapI18N
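Review bot: "tell it too" in the `Chooser.pm` sentence should read "tell it to", and "regexp's" should be "regexps". Two substantive points for this hunk: the old bullet "`nsgmls` is used by `Sgml.pm`" is dropped by the rewrite, yet it is the one concrete record on this page that other modules do spawn external programs, so keep it as the stated reason the loaded-module set must stay at `Text` only; and "only `do_paragraph()` builds regexp's that expand untrusted variables; they seem safe to me" gives the requested second reviewer nothing to check against, so name the variables that get interpolated and say whether they are escaped before interpolation, otherwise "seem safe" remains an opinion rather than a verifiable claim.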
@ -302,6 +307,13 @@ table manipulation tricks could work; overriding
`Locale::Po4a::Common::wrapi18n` may be easier. I'm no expert at all
`Locale::Po4a::Common::wrapi18n` may be easier. I'm no expert at all
in this field. Joey? [[--intrigeri]]
in this field. Joey? [[--intrigeri]]
> Update: Nicolas François suggests we add an option to po4a to
> disable it. It would do the trick, but only for people running
> a brand new po4a (probably too late for Lenny). Anyway, this option
> would have to take effect in a `BEGIN` / `eval` that I'm not
> familiar with. I can learn and do it, in case no Perl wizard
> volunteers to provide the po4a patch. [[--intrigeri]]
##### Term::ReadKey
##### Term::ReadKey
`Term::ReadKey` is not a hard dependency in our case, *i.e.* po4a
`Term::ReadKey` is not a hard dependency in our case, *i.e.* po4a
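Review bot: "disable it" in the added update is ambiguous after the intervening paragraphs; write "disable `Text::WrapI18N`" explicitly. The update also concedes the option only helps "people running a brand new po4a", so it should say what the plan is for older po4a: the symbol-table tricks or overriding `Locale::Po4a::Common::wrapi18n` mentioned in the context just above remain the only route there, and a reader should not come away thinking the option settles the question. Finally, "a `BEGIN` / `eval` that I'm not familiar with" records a guess about where the option would have to take effect; mark it as unverified so nobody reads it as a design decision.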
@ -324,6 +336,10 @@ use in our case, I suggest we define `ENV{COLUMNS}` before loading
`Locale::Po4a::Common`, just to be on the safe side. Joey?
`Locale::Po4a::Common`, just to be on the safe side. Joey?
[[--intrigeri]]
[[--intrigeri]]
> Update: adding an option to disable `Text::WrapI18N`, as Nicolas
> François suggested, would as a bonus disable `Term::ReadKey`
> as well. [[--intrigeri]]
### msgmerge
### msgmerge
`refreshpofiles()` runs this external program. A po4a developer
`refreshpofiles()` runs this external program. A po4a developer
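Review bot: "would as a bonus disable `Term::ReadKey` as well" is asserted without a reason; the page already notes that `Term::ReadKey` is not a hard dependency in our case, so state that it is only pulled in alongside `Text::WrapI18N` (if that is the mechanism), otherwise the claim cannot be checked. The update should also say whether defining `ENV{COLUMNS}` before loading `Locale::Po4a::Common`, from the context line, stays the interim measure for po4a versions that lack the option, instead of leaving the two proposals side by side. Minor: in Perl the environment hash is `%ENV`, so the element the context line refers to is `$ENV{COLUMNS}`.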