Scripts at /etc/qubes-rpc/ inside VMs
7 views
Skip to first unread message
David Hobach
Jul 24, 2021, 2:36:08 AM7/24/21
to qubes-devel
Dear devs,
do I understand it correctly that all those scripts may have a totally untrusted stdin coming from a different VM?
If so, I wonder why they are doing so little input sanitization? Is there some default sanitization by qrexec in place?
In particular those scripts don't look like they're defending against binary input in any way (bash & sh are bad at that). So a fuzzer would likely produce some interesting results.
For example even simple string comparisons with binary data in bash [[ "$binary" == "some test" ]] shouldn't be relied upon from my experience (and most devs forget the "" escaping anyway). Calling other programs with potential binary arguments may of course trigger bugs in those etc.
Best Regards
David
do I understand it correctly that all those scripts may have a totally untrusted stdin coming from a different VM?
If so, I wonder why they are doing so little input sanitization? Is there some default sanitization by qrexec in place?
In particular those scripts don't look like they're defending against binary input in any way (bash & sh are bad at that). So a fuzzer would likely produce some interesting results.
For example even simple string comparisons with binary data in bash [[ "$binary" == "some test" ]] shouldn't be relied upon from my experience (and most devs forget the "" escaping anyway). Calling other programs with potential binary arguments may of course trigger bugs in those etc.
Best Regards
David
Reply all
Reply to author
Forward
0 new messages