The open opcode
Jonathan Leto
jaleto at gmail.com
Fri Apr 23 01:03:44 UTC 2010
Howdy,
> The deeper problem here is that monkeypatching File/FileHandle isn't really
> the right solution to secure I/O.
I totally agree with you, but I prefer to call it "duck punching." ;)
> Allison
I have attached a small patch that allows me to secure PL/Parrot
against the open opcode. It comes at the cost of a single
Parrot_PMC_typenum(interp,"FileHandle") lookup, per call of the open
opcode, which is an extremely tiny performance hit and unbreaks
encapsulation.
If you compile Parrot with the attached patch, then run
intercept_io.pir, you will see that all IO calls are properly
intercepted. This script can easily be turned into a test to verify
that the "feature" I am adding works as expected and continues to
work, since PL/Parrot will depend on it.
I fully intend to continue working on improving the security of
Parrot, but this tiny step allows PL/Parrot to be considered for
deployment into production systems and gives Parrot an entirely new
niche to thrive in.
I would greatly appreciate the comments of my fellow Parrot hackers as
to whether this patch (with tests) can be applied.
Duke
--
Jonathan "Duke" Leto
jonathan at leto.net
http://leto.net
-------------- next part --------------
Index: src/io/api.c
===================================================================
--- src/io/api.c (revision 45823)
+++ src/io/api.c (working copy)
@@ -122,25 +122,26 @@
ASSERT_ARGS(Parrot_io_open)
PMC *new_filehandle, *filehandle;
INTVAL flags;
+ INTVAL typenum = Parrot_PMC_typenum(interp,"FileHandle");
if (PMC_IS_NULL(pmc)) {
/* TODO: We should look up the HLL mapped type, instead of always
using FileHandle here */
- new_filehandle = Parrot_pmc_new(interp, enum_class_FileHandle);
- PARROT_ASSERT(new_filehandle->vtable->base_type == enum_class_FileHandle);
+ new_filehandle = Parrot_pmc_new(interp, typenum);
+ PARROT_ASSERT(new_filehandle->vtable->base_type == typenum);
}
else
new_filehandle = pmc;
flags = Parrot_io_parse_open_flags(interp, mode);
- if (new_filehandle->vtable->base_type == enum_class_FileHandle) {
+ if (new_filehandle->vtable->base_type == typenum) {
/* TODO: StringHandle may have a null path, but a filehandle really
shouldn't allow that. */
- PARROT_ASSERT(new_filehandle->vtable->base_type == enum_class_FileHandle);
+ PARROT_ASSERT(new_filehandle->vtable->base_type == typenum);
filehandle = PIO_OPEN(interp, new_filehandle, path, flags);
if (PMC_IS_NULL(filehandle))
Parrot_ex_throw_from_c_args(interp, NULL, EXCEPTION_PIO_ERROR,
"Unable to open filehandle from path '%S'", path);
- PARROT_ASSERT(filehandle->vtable->base_type == enum_class_FileHandle);
+ PARROT_ASSERT(filehandle->vtable->base_type == typenum);
SETATTR_FileHandle_flags(interp, new_filehandle, flags);
SETATTR_FileHandle_filename(interp, new_filehandle, path);
SETATTR_FileHandle_mode(interp, new_filehandle, mode);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: intercept_io.pir
Type: application/octet-stream
Size: 1170 bytes
Desc: not available
URL: <http://lists.parrot.org/pipermail/parrot-dev/attachments/20100422/b7997760/attachment.obj>
More information about the parrot-dev
mailing list