On 2021/06/29 19:11, Eli Schwartz wrote:
> This is a ridiculous argument and you know it. You, personally, are writing code which does not get used in security contexts, which is your right. This in no way means that refusing to quote variables which "cannot be word-split" stops *any* security errors. The "illegal input" was not related to the security bypass (as Greg points out, removing the space prevents word splitting and executes the same security bypass code). Your response should have been:
More likely "is". If I needed security I wouldn't likely write in a script language; with audit, Biba integrity and Bell-LaPadula sensitivity models that we planned to port to Linux, I'd have written it in C. Trix, or Trusted IRIX, was certified for C2+ under the then Orange Book standard. It even had a 128-bit luid, which later implementers changed to a less parallel 'loginuid', mainly for auditing. I'd been presenting SGI's security plan at the Linux security conference in France, as well as in some presentation in London. It seems I was good at explaining what had been a confusing security model, in place of my then manager. I wasn't good at politics, but my manager prided himself on his bookshelf copy of Machiavelli's 'The Prince' as having everything a manager needed to know... among other things, for him to be able to put a sensitivity+integrity policy, SMACK, in the Linux kernel.
> Instead you are arguing in bad faith...
--- You are arguing about a 1-liner that took unfiltered output from locate to search for keywords. If you wanna work that up into bad faith, good luck.
> Your code is flawed, it doesn't correctly handle indexed arrays with spaces in the key and doesn't forbid them either.
What are you talking about?

    njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }

I don't see any arrays, let alone indexed.
> This won't protect against all code injections, of course;
--- It does in the target environment. The key is to look at the security policy requirements and environment before going off and making assumptions about "faith" that might bounce back when used for design issues relating to a 1-line search expression.
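For readers following the quoting argument, here is an added example that is not code from the thread or from either participant: the one-liner as quoted above, placed beside a variant that accepts only a plain shell identifier as the destination before passing it to printf -v. The function name njobs_safe and its identifier check are this example's own assumptions; bash is assumed, since printf -v is a bash builtin option.

```bash
#!/usr/bin/env bash
# Added example, not code from the thread. Assumes bash (printf -v).

# The one-liner as posted in the thread: $1 is expanded unquoted, so it is
# word-split before printf sees it, and whatever survives is handed to -v.
njobs() { printf ${1:+-v $1} "%s\n" "$(jobs |wc -l)"; }

# Hardened variant (this example's own code, not the thread's): only a plain
# shell identifier is accepted as the destination, so neither extra words nor
# an array subscript (bash evaluates subscripts, expansions included) reach
# printf -v. Anything else is rejected with status 2.
njobs_safe() {
    local n
    n=$(( $(jobs | wc -l) ))      # arithmetic context strips wc's padding
    if [ $# -eq 0 ]; then
        printf '%d\n' "$n"
        return 0
    fi
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            printf 'njobs_safe: refusing variable name: %s\n' "$1" >&2
            return 2 ;;
    esac
    printf -v "$1" '%d' "$n"
}
```

Calling the original with a name containing a space shows the split in action: `njobs 'x y'` runs `printf -v x y "%s\n" 0`, so `x` receives the literal format string `y` and the job count never reaches the intended target. The hardened variant refuses that name, and refuses `a[...]` subscripts, before printf sees them.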