Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Resolving security issues
PostPosted: Thu Nov 08, 2012 1:31 pm 

Joined: Thu Nov 08, 2012 9:41 am
Posts: 2
Dear Forum,

I am a new member here, but I use Singular with lots of joy since last year. I recently created SingularWebService (code.google.com/p/singularws/) to make it possible to run Singular commands remotely via HTTP, primarily for using it with GeoGebra (geogebra.org).

Today I learned that the
Code:
system("sh",...)
command may be a security hole in SingularWS. Thus I added the
Code:
--no-shell
command line option at github.com/kovzol/Sources/commit/9442e1298e604074c4cbc5643a8d965f59939b93 to prevent entering arbitrary shell command remotely. (SingularWebService is an anonymous service.)

If my change is acceptable for the developers, I would be happy if you could merge this enhancement to the official version.

Thank you and best regards,

Zoltán Kovács
Research Assistant at the Department of Mathematics Education
Johannes Kepler University Linz, Austria


Report this post
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

It is currently Fri May 13, 2022 10:58 am
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group