[
https://issues.apache.org/jira/browse/COUCHDB-622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Shorin updated COUCHDB-622:
-------------------------------------
Component/s: View Server Support
> erlview sandboxing via parse transform
> --------------------------------------
>
> Key: COUCHDB-622
> URL: https://issues.apache.org/jira/browse/COUCHDB-622
> Project: CouchDB
> Issue Type: Improvement
> Components: View Server Support
> Reporter: Brian Candler
> Priority: Minor
>
> I'm just adding this ticket so I don't forget about it.
> It's possible to improve the safety of the native erlang view server, just by
> doing a simple walk of the parsed abstract form. I think all we need to do is
> forbid calls to functions in all external modules m:f(), except for
> whitelisted modules (e.g. io_lib, lists) or specific functions. We also need
> a whitelist of BIFs.
> Some care may be needed for imported functions - check if they are already
> expanded to m:f() in the abstract form, or remain as f().
> My main concern is preventing things like os:cmd(). There are also many
> possible DoS attacks, like atom exhaustion or spawning infinite numbers of
> processes. However, most view definitions aren't going to need spawn() or
> list_to_atom(). A configurable whitelist could be very tight by default, but
> still allow admins to allow any specific functions they need.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
