Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary

emacs-orgmode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary

From:	Max Nikulin
Subject:	Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands
Date:	Fri, 18 Aug 2023 17:56:58 +0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.14.0

On 18/08/2023 15:43, Ihor Radchenko wrote:

Max Nikulin writes:

#+begin_src sqlite :db '(literal "/tmp/ob.sqlite$(date
  >/tmp/ob-sqlite-vuln.log)")
    select 1
#+end_src


Handling lisp values in header arguments is much more general issue not
tied to ob-sql or even to running shell commands.

It should be addressed alongside with 
https://orgmode.org/list/87edsd5o89.fsf@localhost

Ihor, this is a list, not an expression to be evaluated. There are someconditions to avoid user prompts for strings, lists, etc. They areconsidered safe.

This particular case is handled namely by ob-sqlite and the proposedfunction in org-macs.

[Prev in Thread]

Current Thread

[Next in Thread]

[BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Max Nikulin, 2023/08/11
- Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Ihor Radchenko, 2023/08/13
  - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Max Nikulin, 2023/08/17
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Ihor Radchenko, 2023/08/18
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Max Nikulin <=
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Ihor Radchenko, 2023/08/18
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Max Nikulin, 2023/08/19
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Ihor Radchenko, 2023/08/21
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Max Nikulin, 2023/08/21
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Ihor Radchenko, 2023/08/22
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Max Nikulin, 2023/08/28
    - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Ihor Radchenko, 2023/08/29
    - [SECURITY] Shell expansion of babel header args (was: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands), Ihor Radchenko, 2023/08/21
  - Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands, Max Nikulin, 2023/08/17

Prev by Date: Re: org-assert-version considered harmful
Next by Date: Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands
Previous by thread: Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands
Next by thread: Re: [BUG][SECURITY] ob-sqlite header args allows execution of arbitrary shell commands
Index(es):
- Date
- Thread