author | tv <tv@krebsco.de> | 2016-11-18 15:08:28 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-11-18 15:08:28 +0100 |
commit | d430a1fa40fd10aefa9940609818adbabacb1e60 (patch) | |
tree | 60b047cc41dcb17e8f251b70df7d36d7c401709a /krebs | |
parent | 151ca19a6e67e0c7644f489069cfbc17cec71187 (diff) |
Revert "k 5 Reaktor: harden sed-plugin"
This reverts commit dbb25f7288be2c9d2afe796d63d1a070e353daca.
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/5pkgs/Reaktor/plugins.nix | 2 | ||||
-rw-r--r-- | krebs/5pkgs/Reaktor/scripts/sed-plugin.py | 17 |
2 files changed, 3 insertions, 16 deletions
diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix
index 242373ced..a483db32c 100644
--- a/krebs/5pkgs/Reaktor/plugins.nix
+++ b/krebs/5pkgs/Reaktor/plugins.nix
@@ -59,7 +59,7 @@ rec {
 };
 sed-plugin = buildSimpleReaktorPlugin "sed-plugin" {
- path = [ pkgs.gnused pkgs.proot pkgs.python3 ];
+ path = [ pkgs.gnused pkgs.python3 ];
 # only support s///gi the plugin needs to see every msg
 # TODO: this will eat up the last regex, fix Reaktor to support fallthru
 append_rule = true;
diff --git a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
index 6039aeb43..8103c9585 100644
--- a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
@@ -34,22 +34,9 @@ if m:
 flagstr = ''
 last = d.get(usr,None)
 if last:
+ #print(re.sub(fn,tn,last,count=count,flags=flags))
 from subprocess import Popen,PIPE
- import shutil
- from os.path import realpath
- # sed only needs stdin/stdout, we protect state_dir with this
- # input to read/write arbitrary files:
- # s/.\/\/; w /tmp/i (props to waldi)
- # conclusion: sed is untrusted and we handle it like this
- p = Popen(['proot',
- # '-v','1',
- '-w','/', # cwd is root
- '-b','/nix/store', # mount important folders
- '-b','/usr',
- '-b','/bin',
- '-r','/var/empty', # chroot to /var/empty
- realpath(shutil.which('sed')),
- 's/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
+ p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
 so,se = p.communicate(bytes("{}\n".format(last),"UTF-8"))
 if p.returncode:
 print("something went wrong when trying to process your regex: {}".format(se.decode())) |
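Review bot: The new `Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)], ...)` line in sed-plugin.py hands sed a script that appears to be built from chat input with no confinement left, so the file-writing `w` command described in the removed comment can again touch anything the Reaktor user can write, state_dir included. If proot has to go, GNU sed's `--sandbox` option (available in newer GNU sed releases) rejects the e/r/w commands: `p = Popen(['sed','--sandbox','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE,stderr=PIPE)`. Adding `stderr=PIPE` also repairs the error branch, where `se` is None because stderr is never captured and `se.decode()` would raise instead of printing the message. The enclosing `if m:` block starts and ends outside the hunk, so how `f`, `t` and `flagstr` are validated before this point is not visible here.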