Singular :: Post a reply

Forum FAQ

Forum Search

Back to Forum | View unanswered posts | View active topics

Resolving security issues

Post a reply

Username:

Note:

If not registered, provide any username. For more comfort, register here.

Subject:

Message body:
Enter your message here, it may contain no more than 60000 characters.

Smilies

Font size:
	Font colour
[quote="kovzol"]Dear Forum, I am a new member here, but I use Singular with lots of joy since last year. I recently created SingularWebService (code.google.com/p/singularws/) to make it possible to run Singular commands remotely via HTTP, primarily for using it with GeoGebra (geogebra.org). Today I learned that the [code]system("sh",...)[/code] command may be a security hole in SingularWS. Thus I added the [code]--no-shell[/code] command line option at github.com/kovzol/Sources/commit/9442e1298e604074c4cbc5643a8d965f59939b93 to prevent entering arbitrary shell command remotely. (SingularWebService is an anonymous service.) If my change is acceptable for the developers, I would be happy if you could merge this enhancement to the official version. Thank you and best regards, Zoltán Kovács Research Assistant at the Department of Mathematics Education Johannes Kepler University Linz, Austria[/quote]

Options:

BBCode is ON

[img] is ON

[flash] is OFF

[url] is ON

Smilies are ON

	Disable BBCode
	Disable smilies
	Do not automatically parse URLs

Confirmation of post

To prevent automated posts the board requires you to enter a confirmation code. The code is displayed in the image you should see below. If you are visually impaired or cannot otherwise read this code please contact the %sBoard Administrator%s.

Confirmation code:
Enter the code exactly as it appears. All letters are case insensitive, there is no zero.

Topic review - Resolving security issues

Author

Message

kovzol

Post subject:

Resolving security issues

Dear Forum,

I am a new member here, but I use Singular with lots of joy since last year. I recently created SingularWebService (code.google.com/p/singularws/) to make it possible to run Singular commands remotely via HTTP, primarily for using it with GeoGebra (geogebra.org).

Today I learned that the

Code:

system("sh",...)

command may be a security hole in SingularWS. Thus I added the

Code:

--no-shell

command line option at github.com/kovzol/Sources/commit/9442e1298e604074c4cbc5643a8d965f59939b93 to prevent entering arbitrary shell command remotely. (SingularWebService is an anonymous service.)

If my change is acceptable for the developers, I would be happy if you could merge this enhancement to the official version.

Thank you and best regards,

Zoltán Kovács
Research Assistant at the Department of Mathematics Education
Johannes Kepler University Linz, Austria

Posted: Thu Nov 08, 2012 1:31 pm

It is currently Fri May 13, 2022 10:56 am

Singular

Resolving security issues

Main

Community

System

Misc