diff options
author | www-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-03 15:39:15 +0000 |
---|---|---|
committer | www-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-04-03 15:39:15 +0000 |
commit | 13722d7b7656f84a95a43db1d6e2fc0b5828c8d9 (patch) | |
tree | c5663a56f3bedb1009a433a65faa2d4d1a9cab99 /doc/todo | |
parent | 98eb183cf78113e82b32f895a58008ed1c79a8fd (diff) |
web commit by WillThompson: Safety of arbitrary regexen
Diffstat (limited to 'doc/todo')
-rw-r--r-- | doc/todo/mailnotification.mdwn | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/todo/mailnotification.mdwn b/doc/todo/mailnotification.mdwn index 5aae98894..858141008 100644 --- a/doc/todo/mailnotification.mdwn +++ b/doc/todo/mailnotification.mdwn @@ -13,6 +13,24 @@ Should support mail notification of new and changed pages. Joey points out that this is actually a security hole, because Perl regexes let you embed (arbitrary?) Perl expressions inside them. Yuck! +(This is not actually true unless you "use re 'eval';", without which +(?{ code }) is disabled for expressions which interpolate variables. +See perldoc re, second paragraph of DESCRIPTION. It's a little iffy +to allow arbitrary regexen, since it's fairly easy to craft a regular +expression that takes unbounded time to run, but this can be avoided +with the use of alarm to add a time limit. Something like + + eval { # catches invalid regexen + no re 'eval'; # to be sure + local $SIG{ALRM} = sub { die }; + alarm(1); + ... stuff involving m/$some_random_variable/ ... + alarm(0); + }; + if ($@) { ... handle the error ... } + +should be safe. --[[WillThompson]]) + It would also be good to be able to subscribe to all pages except discussion pages or the SandBox: `* !*/discussion !sandobx`, maybe --[[Joey]] 3. Of course if you do that, you want to have form processing on the user |