| Type | Bug | Status | tested | Date | 27-Oct-2010 02:30 |
|---|---|---|---|---|---|
| Version | alpha 108 | Category | Security | Submitted by | BrianH |
| Platform | All | Severity | minor | Priority | high |
| Summary | You can spoof the name of a module imported by word! name |
|---|---|
| Description |
If you import a module by specifying its name as a word!, and the module isn't already imported, it constructs a filename from the word and looks for that file in the library paths. However, once that module is found it can have a different name in its header than the name you are looking for. This trick will import the module with a different name, which can be used to inject unexpected modules into the system. The new module system has support for renaming on load. I suggest that IMPORT should use that option to rename the loaded module to the name that is being imported, just in case. A nice side effect of this would be to make unnamed (in their source) modules reusable without having to reload them. Normally you need a name with which to refer to them, to put them in the system modules list. This gives them one. Note: This ticket is not a dup of #1177. We made the same error again with a new module system. We have a better solution this time though. |
| Example code |
; %foo.reb: REBOL [name: bar] print "(evil laugh)" ; Current behavior: >> select spec-of import 'foo 'name == 'bar >> found? find system/modules 'foo == false ; Desired behavior >> select spec-of import 'foo 'name == 'foo >> found? find system/modules 'foo == true |
| Assigned to | n/a | Fixed in | alpha 110 | Last Update | 2-Nov-2010 07:07 |
|---|
| Comments | |
|---|---|
|
(0002680)
Carl 27-Oct-2010 04:41 |
We will want to keep this simple to avoid confusion. If I IMPORT 'foo then the name should also be 'foo. Otherwise, the programmer can use a filename. |
| Date | User | Field | Action | Change |
|---|---|---|---|---|
| 2-Nov-2010 07:07 | BrianH | Status | Modified | built => tested |
| 1-Nov-2010 19:42 | BrianH | Fixedin | Modified | => alpha 110 |
| 1-Nov-2010 19:42 | BrianH | Status | Modified | pending => built |
| 28-Oct-2010 12:06 | BrianH | Status | Modified | reviewed => pending |
| 27-Oct-2010 05:47 | BrianH | Description | Modified | - |
| 27-Oct-2010 04:41 | carl | Comment : 0002680 | Added | - |
| 27-Oct-2010 04:39 | carl | Description | Modified | - |
| 27-Oct-2010 04:39 | carl | Code | Modified | - |
| 27-Oct-2010 04:39 | carl | Status | Modified | submitted => reviewed |
| 27-Oct-2010 02:30 | BrianH | Ticket | Added | - |