rejetto forum

Security considerations about macros

rejetto · 18 · 9845


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510
    • View Profile
That method is not enough, mars, because you could put this in a file:
/}} my macros {{\
and your macros would be executed.
But I already took care of it, so don't worry.

Please don't post the compiled each time as attachment, we have a limited space for it.

I moved your second post to www.rejetto.com/forum/?topic=5641 because it was off topic here. I'll reply to you there.

Quote
While with the Load macro it is possible to load a file from the arborescence of HFS, of the kind /template/myfile as used by TSG.

If you wish a specific section of this file, it is not possible as is.

Yes, this is true for every macro working with files, not only with {{section}}.
We'll make them support URIs, as we know people need it.
Do you need this with {{section}}?


Offline rejetto
In the end I decided to leave the hfs.diff.tpl files working.
But I put a hard-coded check to forbid the upload of such files. It doesn't matter if you change the upload filter to *.
To say it all, even "x hfs.diff.tpl y" will be forbidden, to avoid any possible trick.
This should not affect safety, and it leaves people an easy way to do things.


The new "safer" beta is almost ready. I'm working with TSG to get it working with RAWR as a proof of functionality, before I publish it.


Offline rejetto
I'm re-enabling macros inside the diff template dialog, in next beta.

As said elsewhere, the reason for forbidding was
that .vfs files (those where your virtual file system is saved) could become just like MS Word .doc, and carry malicious instructions.

Indeed, you load others' VFS files very rarely, I guess, but safety is crucial.
So, the new behaviour will be: when a macro is found inside the .vfs, I will warn the user:
"This file contains macros.
If you got this file from someone else, then it's dangerous, because macros can delete files.
Abort loading?"

I guess you don't load VFS files very often, so this dialog won't bother you that much.
And an inattentive user, who clicks YES everywhere, would just abort the loading instead of continuing with a risky operation.

I think this method is safe enough. I'm open to other opinions.
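As an added illustration of the three defensive points raised in this thread (the delimiter-escape trick from the first post, the hard-coded hfs.diff.tpl upload check, and the "this file contains macros" scan before loading a VFS), here is a small Python model. It is not rejetto's code and not HFS's real parser: the quote-block syntax `{{\ ... /}}`, the macro syntax `{{ ... }}` and the case-insensitive filename match are assumptions made for the example.

```python
# Assumed (simplified) HFS-like syntax: "{{\ ... /}}" is a quote block whose
# content is literal, and "{{ ... }}" found outside a quote block is a macro
# that would be executed. The real HFS parser is more involved.
QUOTE_OPEN, QUOTE_CLOSE = "{{\\", "/}}"
MACRO_OPEN, MACRO_CLOSE = "{{", "}}"


def find_macros(template):
    """Return the bodies of macros that would execute in `template`,
    skipping anything that sits inside a quote block. This is the kind of
    scan the 'This file contains macros' warning needs before loading a VFS."""
    found, i = [], 0
    while i < len(template):
        if template.startswith(QUOTE_OPEN, i):          # quoted: skip literally
            end = template.find(QUOTE_CLOSE, i + len(QUOTE_OPEN))
            i = len(template) if end < 0 else end + len(QUOTE_CLOSE)
        elif template.startswith(MACRO_OPEN, i):        # live macro
            end = template.find(MACRO_CLOSE, i + len(MACRO_OPEN))
            if end < 0:
                break
            found.append(template[i + len(MACRO_OPEN):end].strip())
            i = end + len(MACRO_CLOSE)
        else:
            i += 1
    return found


def quote_naive(content):
    """The insufficient method: just wrap untrusted content in a quote block.
    Content such as '/}} {{...}} {{\\' closes the block, runs, and reopens it."""
    return QUOTE_OPEN + content + QUOTE_CLOSE


def quote_safe(content):
    """Refuse content that carries any delimiter instead of trying to wrap it."""
    if any(d in content for d in (QUOTE_OPEN, QUOTE_CLOSE, MACRO_OPEN, MACRO_CLOSE)):
        raise ValueError("content contains macro delimiters")
    return QUOTE_OPEN + content + QUOTE_CLOSE


def upload_forbidden(filename):
    """Hard-coded check from the thread: any uploaded name containing
    hfs.diff.tpl is refused regardless of the upload filter. Case-insensitive
    matching is an assumption (Windows file names are case-insensitive)."""
    return "hfs.diff.tpl" in filename.lower()
```

Running `find_macros(quote_naive("/}} {{some macro}} {{\\"))` reports the injected macro, while `quote_safe` rejects that same content outright.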