summaryrefslogtreecommitdiff
path: root/doc/plugins
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2008-11-10 23:52:50 +0100
committerintrigeri <intrigeri@boum.org>2008-11-10 23:52:50 +0100
commite397888a77b10d96437754779062852f56d96765 (patch)
treef513fa436345ba850958dcf497a4774ff4bbdf20 /doc/plugins
parenta7d329c17312348d7511b48523fb54c18f8d4736 (diff)
po/doc: more security research results
Apart of the fuzzying part, I'm done with what I can do without help. The "Running po4a on untrusted content" section needs at least a quick glance from an experimented Perl programmer. Signed-off-by: intrigeri <intrigeri@boum.org>
Diffstat (limited to 'doc/plugins')
-rw-r--r--doc/plugins/po.mdwn32
1 files changed, 24 insertions, 8 deletions
diff --git a/doc/plugins/po.mdwn b/doc/plugins/po.mdwn
index e88cc3106..09df26394 100644
--- a/doc/plugins/po.mdwn
+++ b/doc/plugins/po.mdwn
@@ -281,14 +281,19 @@ an initial goal, and analysing in detail the possible issues.
##### Locale::Po4a modules
-- the modules we want to use have to be checked, as not all are safe
- (e.g. the LaTeX module's behaviour is changed by commands included
- in the content); they may use regexps generated from the content; we
- currently only use the `Text` module
-- the `Text` module does not run any external program
-- check that no module is loaded by `Chooser.pm`, when we tell it to
- load the `Text` one
-- `nsgmls` is used by `Sgml.pm`
+The modules we want to use have to be checked, as not all are safe
+(e.g. the LaTeX module's behaviour is changed by commands included in
+the content); they may use regexps generated from the content.
+
+`Chooser.pm` only loads the plugin we tell it too: currently, this
+means the `Text` module only.
+
+`Text` module (I checked the CVS version):
+
+- it does not run any external program
+- only `do_paragraph()` builds regexp's that expand untrusted
+ variables; they seem safe to me, but someone more expert than me
+ will need to check. Joey?
##### Text::WrapI18N
@@ -302,6 +307,13 @@ table manipulation tricks could work; overriding
`Locale::Po4a::Common::wrapi18n` may be easier. I'm no expert at all
in this field. Joey? [[--intrigeri]]
+> Update: Nicolas François suggests we add an option to po4a to
+> disable it. It would do the trick, but only for people running
+> a brand new po4a (probably too late for Lenny). Anyway, this option
+> would have to take effect in a `BEGIN` / `eval` that I'm not
+> familiar with. I can learn and do it, in case no Perl wizard
+> volunteers to provide the po4a patch. [[--intrigeri]]
+
##### Term::ReadKey
`Term::ReadKey` is not a hard dependency in our case, *i.e.* po4a
@@ -324,6 +336,10 @@ use in our case, I suggest we define `ENV{COLUMNS}` before loading
`Locale::Po4a::Common`, just to be on the safe side. Joey?
[[--intrigeri]]
+> Update: adding an option to disable `Text::WrapI18N`, as Nicolas
+> François suggested, would as a bonus disable `Term::ReadKey`
+> as well. [[--intrigeri]]
+
### msgmerge
`refreshpofiles()` runs this external program. A po4a developer