weakforced

Restrict Lua includes to a whitelisted set of directories

Open neilcook opened this issue 9 years ago • 0 comments

  • Issue type: Security Feature request

Short description

Currently Lua can include files from anywhere in the filesystem, which is a possible attack vector, e.g. Lua reading an auto-generated file in /tmp (although since we set private tmp that particular attack is actually not feasible). This requests that we use the system ReadWritePaths=, ReadOnlyPaths=, InaccessiblePaths= to protect pdns from these kinds of attacks. This should work so that we whitelist specific directories and all other directories cannot be "seen" by the process (assuming the above systemd.exec commands can enable this). This doesn't stop an admin creating a world-writable directory underneath the whitelisted directories, but as lieter says, you can't guard against that kind of stupid. It does however stop admins from including Lua files from "anywhere" in the filesystem.

neilcook, Feb 06 '17 14:02
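A systemd drop-in using the directives named in the issue, as an added example that is not part of the original issue or the project's own unit file. The unit name `wforce.service` and the directories `/etc/wforce` and `/var/lib/wforce` are assumptions; substitute the paths your installation uses.

```ini
# Constructed drop-in, e.g. /etc/systemd/system/wforce.service.d/lua-paths.conf
# Assumptions (not from the issue): unit name wforce.service, Lua/config
# directory /etc/wforce, state directory /var/lib/wforce.
[Service]
# Private /tmp and /var/tmp; the issue notes this is already set.
PrivateTmp=true

# Mount the whole file system hierarchy read-only for this service
# (except /dev, /proc and /sys), so nothing outside ReadWritePaths=
# can be created or modified by the daemon.
ProtectSystem=strict

# /home, /root and /run/user become inaccessible and appear empty.
ProtectHome=true

# Further trees the daemon has no reason to read. The "-" prefix
# makes systemd ignore a path that does not exist on this host.
InaccessiblePaths=-/srv -/mnt -/media -/opt

# Allowlist: Lua and configuration are readable but not writable...
ReadOnlyPaths=/etc/wforce
# ...and only the state directory is writable.
ReadWritePaths=/var/lib/wforce
```

With these settings, paths not listed under `InaccessiblePaths=` or covered by `ProtectHome=` stay readable (read-only) rather than hidden, so this narrows what the daemon can write and hides selected trees but is not a strict "everything else is invisible" allowlist. After `systemctl daemon-reload` and a restart, `systemctl show -p ReadOnlyPaths -p ReadWritePaths -p InaccessiblePaths wforce.service` prints the values systemd applied.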