在 Ruby 中形成卫生 shell 命令或系统调用 [英] Forming sanitary shell commands or system calls in Ruby

问题描述

我正在构建一个守护进程来帮助我管理我的服务器.Webmin 工作正常，就像打开服务器的外壳一样，但我更希望能够从我设计的 UI 控制服务器操作，并向最终用户公开一些功能.

I'm building a daemon that will help me manage my server(s). Webmin works fine, as does just opening a shell to the server, but I'd prefer to be able to control server operations from a UI I design, and also expose some functionality to end users.

守护进程将从队列中选取操作并执行它们.但是，由于我将接受用户的输入，我想确保他们不被允许将危险的东西注入特权 shell 命令中.

The daemon will pick up actions from a queue and execute them. However, since I'll be accepting input from users, I want to make sure they're not permitted to inject something dangerous into a privileged shell command.

这是一个说明我的问题的片段:

Here's a fragment that exemplifies my problem:

def perform
  system "usermod -p #{@options['shadow']} #{@options['username']}"
end

解释更多的要点:https://gist.github.com/773292

对于这种情况，如果典型的输入转义和消毒就足够了，我并不肯定，作为一名设计师，我没有大量与安全相关的经验.我知道这对我来说应该很明显，但事实并非如此！

I'm not positive if typical escaping and sanitizing of inputs is enough for this case, and being a designer, I don't have a ton of security-related experience. I know that this is something that should probably be obvious to me, but its not!

如何确保将创建和序列化操作的 Web 应用程序无法将危险文本传递到接收操作的特权进程中?

How can I ensure that the web application that will create and serialize the actions can't pass dangerous text into the privileged process that receives the actions?

感谢您的帮助
套利

Thanks for the help
arb

推荐答案

看起来您的工作不需要外壳.在此处查看 system 的文档:http://ruby-doc.org/core/classes/Kernel.html#M001441

It doesn't look like you need a shell for what you're doing. See the documentation for system here: http://ruby-doc.org/core/classes/Kernel.html#M001441

你应该使用system的第二种形式.您上面的示例将变为:

You should use the second form of system. Your example above would become:

system 'usermod', '-p', @options['shadow'], @options['username']

一种更好的 (IMO) 写法是:

A nicer (IMO) way to write this is:

system *%W(usermod -p #{@options['shadow']} #{@options['username']})

这种方式的参数直接传递到 execve 调用中，所以你不必担心偷偷摸摸的 shell 技巧.

The arguments this way are passed directly into the execve call, so you don't have to worry about sneaky shell tricks.

这篇关于在 Ruby 中形成卫生 shell 命令或系统调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！