Hi. The files scripts app is quite powerful and may potentially cause harm unintentionally due to bad programming.
My assumption is that when a script runs some shell command connected with file/folder/device operations, and the value field is open text, a user may submit the value in such a way that it becomes a parameter for that command.
E.g. `command='rm %s'`, where `%s` is a value submitted by the user. A user may submit `-f /home/alice/*` instead of the name of a file, or
`command='cp %a %b'` to copy data from one folder to another. A user may potentially submit `; rm -rf /home/alice` in the text value field as the second option.
Is it possible to provide a special function that checks scripts for potential vulnerabilities to the system if those scripts are run?
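The two cases raised in the issue above, as an added example that is not part of the original post and is not the files scripts app's own code: the same templates filled by string substitution, next to an argument-vector form where each submitted value stays a single operand. The function names, the `notes.txt` sample value and the treatment of `%s`/`%a`/`%b` as whole-token placeholders are assumptions made for illustration.

```python
import re
import shlex

# Hypothetical helpers for illustration; none of these names come from the app.
PLACEHOLDER = re.compile(r"%[a-z]")  # %s, %a, %b as written in the post


def fill_naive(template, values):
    """'Before' form: user text is pasted straight into a shell command line."""
    it = iter(values)
    return PLACEHOLDER.sub(lambda m: next(it), template)


def shell_view(command):
    """Tokens a POSIX shell would see, with operators such as ';' split out."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def build_argv(template, values):
    """Hardened form: split the trusted template first, then drop each value
    into exactly one argv slot. '--' ends option parsing (rm and cp follow
    this convention), so a value that starts with '-' stays an operand.
    Assumes every placeholder is a whole token placed after any options."""
    it = iter(values)
    argv = []
    for token in shlex.split(template):
        if PLACEHOLDER.fullmatch(token):
            if "--" not in argv:
                argv.append("--")
            argv.append(next(it))
        else:
            argv.append(token)
    return argv  # run with subprocess.run(argv), never with shell=True


if __name__ == "__main__":
    # Constructed inputs: the two values from the post plus a sample file name.
    cases = [("rm %s", ["-f /home/alice/*"]),
             ("cp %a %b", ["notes.txt", "; rm -rf /home/alice"])]
    for template, values in cases:
        print("shell sees:", shell_view(fill_naive(template, values)))
        print("argv form: ", build_argv(template, values))
```

In the argv form the submitted text reaches `rm` or `cp` as one literal file name, so the command fails on a nonexistent path instead of gaining an option or a second command.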