Re: [Plash] Use Case Plash

plash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Plash] Use Case Plash

From:	Mark Seaborn
Subject:	Re: [Plash] Use Case Plash
Date:	Wed, 15 Oct 2008 15:59:58 +0100 (BST)

Gregory Tappero <address@hidden> wrote:

> I am new to plash and i was wondering if the following use case is a
> good fit for plash.
> I would like to put Gnuplot as component of a webservice without the
> potentially dangerous system calls, as gnuplot > system 'rm -rf /' or
> other havocs.

That sounds like a good use case.  If Gnuplot turns out to have
vulnerabilities which are exploited by an attacker, the attacker
should only get access to whatever Gnuplot has been granted access to.
Gnuplot is quite old and written in C so I would not be surprised if
it has buffer overrun vulnerabilities.

A caveat is that Plash does not yet restrict access to the network so
a successful attacker could connect to hosts inside your firewall.

Mark

[Prev in Thread]

Current Thread

[Next in Thread]

[Plash] Use Case Plash, Gregory Tappero, 2008/10/08
- Re: [Plash] Use Case Plash, Mark Seaborn <=
  - Re: [Plash] Use Case Plash, John McCabe-Dansted, 2008/10/15
  - Re: [Plash] Use Case Plash, John McCabe-Dansted, 2008/10/15

Prev by Date: [Plash] Use Case Plash
Next by Date: Re: [Plash] Use Case Plash
Previous by thread: [Plash] Use Case Plash
Next by thread: Re: [Plash] Use Case Plash
Index(es):
- Date
- Thread