From 84fae1b2155b0764ec62df038804a0d6c40086d9 Mon Sep 17 00:00:00 2001 From: Robert Daniel Kortschak Date: Mon, 17 Mar 2014 16:57:36 +1100 Subject: [PATCH] go.tools/playground: provide script-safe option for playground This change allows code to be sent safely to a partially sandboxed playground using the Native Client environment. Execution of non-Go code is blocked when the RunScripts is false to prevent inclusion of code that might escape by virtue of being under a different runtime environment. Two options for communicating whether to prevent non-Go code were considered: as has been done here and alternatively, using a message field. The latter was not chosen to close that as an attack option. Another will be follow that adds a -nacl flag to the present command to allow sandboxing of playground code in presentations. See discussion here: https://groups.google.com/d/topic/golang-dev/Hy-7PBP-T4Q/ LGTM=adg R=adg, dave CC=golang-codereviews https://golang.org/cl/74740045 --- playground/socket/socket.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/playground/socket/socket.go b/playground/socket/socket.go index e567243545..66689a4f71 100644 --- a/playground/socket/socket.go +++ b/playground/socket/socket.go @@ -35,6 +35,10 @@ import ( "code.google.com/p/go.net/websocket" ) +// RunScripts specifies whether the socket handler should execute shell scripts +// (snippets that start with a shebang). +var RunScripts = true + // Handler implements a WebSocket handler for a client connection. var Handler = websocket.Handler(socketHandler) @@ -141,7 +145,7 @@ func startProcess(id, body string, out chan<- *Message, opt *Options) *process { done: make(chan struct{}), } var err error - if path, args := shebang(body); path != "" { + if path, args := shebang(body); RunScripts && path != "" { err = p.startProcess(path, args, body) } else { err = p.start(body, opt)