仅将“expect”限制为 stdin/stdout 交互

Question

TCL 安全翻译器可与expect.为了说明这一点，我创建了两个脚本：unsafe.exp代表用户提交的文件和safe.exp，它使用安全解释器来运行unsafe.exp。这是代码unsafe.exp：

#!/usr/bin/expect
spawn whoami
expect {
    "user" { send_user "safe success\n" }
    "root" { send_user "unsafe success\n" }
}

运行结果unsafe.exp为root

# expect unsafe.exp
spawn whoami
root
unsafe success

现在，safe.exp将阻止用户使用等危险命令spawn，同时仍提供对send和等基本功能的访问expect。这是代码：

#!/usr/bin/expect

# create a safe interpreter
interp create -safe untrusted

# provide it with essetial expect functions
interp alias untrusted send_user {} send_user
interp alias untrusted send {} send
interp alias untrusted expect {} expect
interp alias untrusted interact {} interact

# censor the "spawn" function
# not providing it would be just as safe, but scripts using it would fail
proc safe_spawn {args} {
    puts "censored spawn"
}
interp alias untrusted spawn {} safe_spawn

# create a safe process to interact with
spawn sudo -u user whoami

# run unsafe.exp
untrusted invokehidden source unsafe.exp

以 root 身份运行safe.exp会导致

# expect safe.exp
spawn sudo -u user whoami
censored spawn
user
safe success

Answer 1

TCL 安全翻译器可与expect.为了说明这一点，我创建了两个脚本：unsafe.exp代表用户提交的文件和safe.exp，它使用安全解释器来运行unsafe.exp。这是代码unsafe.exp：

#!/usr/bin/expect
spawn whoami
expect {
    "user" { send_user "safe success\n" }
    "root" { send_user "unsafe success\n" }
}

运行结果unsafe.exp为root

# expect unsafe.exp
spawn whoami
root
unsafe success

现在，safe.exp将阻止用户使用等危险命令spawn，同时仍提供对send和等基本功能的访问expect。这是代码：

#!/usr/bin/expect

# create a safe interpreter
interp create -safe untrusted

# provide it with essetial expect functions
interp alias untrusted send_user {} send_user
interp alias untrusted send {} send
interp alias untrusted expect {} expect
interp alias untrusted interact {} interact

# censor the "spawn" function
# not providing it would be just as safe, but scripts using it would fail
proc safe_spawn {args} {
    puts "censored spawn"
}
interp alias untrusted spawn {} safe_spawn

# create a safe process to interact with
spawn sudo -u user whoami

# run unsafe.exp
untrusted invokehidden source unsafe.exp

以 root 身份运行safe.exp会导致

# expect safe.exp
spawn sudo -u user whoami
censored spawn
user
safe success

仅将“expect”限制为 stdin/stdout 交互

答案1

相关内容