[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New option --sandbox (disables r/w/e commands)
From: |
Assaf Gordon |
Subject: |
New option --sandbox (disables r/w/e commands) |
Date: |
Mon, 25 Apr 2016 01:55:38 +0000 |
Hello,
I'd like to suggest a new option to sed: "sandbox" mode.
When used, programs containing the r/w/e commands are rejected without being
run.
This ensures that sed operates only on the file specified on the command-line,
and cannot affect the system.
Some background:
This feature is useful (in fact, required) when sed is used as web-based
service, in which users can specify the sed script they want to execute on a
given file.
Such a scenario is available in a commonly-used bioinformatics web-based
platform called "Galaxy" ( https://galaxyproject.org ).
Galaxy allows non-technically-savvy users to upload files, and run multitude of
programs on these files.
Among these programs, 'sed' and 'awk' and 'grep':
http://files.housegordon.org/imgs/galaxy-awk-tool.png
http://files.housegordon.org/imgs/galaxy-sed-tool.png
http://files.housegordon.org/imgs/galaxy-grep-tool.png
or to see it in action, visit https://usegalaxy.org/ and enter 'sed/awk/grep'
in the "search tools" box.
An identical option was added to GNU Awk in 2008
( in
http://git.savannah.gnu.org/cgit/gawk.git/commit/?id=40b3741f63c19e38077d57f4ce4737916ec5073e
,
search the log message for "sandbox" from 30-Dec-2008 ).
I suggested this option to sed off-list back in the day, but did not follow-up
on it (and sed's development has stalled for a while). So I've been maintaining
a separate patch against sed-4.1.5 and sed-4.2.2 since then.
I hope the code changes are minimal enough to be weighted positively against
the extra 'bloat'.
comments and suggestions welcomed.
regards,
- assaf
This electronic message is intended for the use of the named recipient only,
and may contain information that is confidential, privileged or protected from
disclosure under applicable law. If you are not the intended recipient, or an
employee or agent responsible for delivering this message to the intended
recipient, you are hereby notified that any reading, disclosure, dissemination,
distribution, copying or use of the contents of this message including any of
its attachments is strictly prohibited. If you have received this message in
error or are not the named recipient, please notify us immediately by
contacting the sender at the electronic mail address noted above, and destroy
all copies of this message. Please note, the recipient should check this email
and any attachments for the presence of viruses. The organization accepts no
liability for any damage caused by any virus transmitted by this email.
0001-sed-new-S-sandbox-option.patch
Description: 0001-sed-new-S-sandbox-option.patch
ATT00001.txt
Description: ATT00001.txt
- New option --sandbox (disables r/w/e commands),
Assaf Gordon <=