summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-11-18 15:08:28 +0100
committertv <tv@krebsco.de>2016-11-18 15:08:28 +0100
commitd430a1fa40fd10aefa9940609818adbabacb1e60 (patch)
tree60b047cc41dcb17e8f251b70df7d36d7c401709a /krebs
parent151ca19a6e67e0c7644f489069cfbc17cec71187 (diff)
Revert "k 5 Reaktor: harden sed-plugin"
This reverts commit dbb25f7288be2c9d2afe796d63d1a070e353daca.
Diffstat (limited to 'krebs')
-rw-r--r--krebs/5pkgs/Reaktor/plugins.nix2
-rw-r--r--krebs/5pkgs/Reaktor/scripts/sed-plugin.py17
2 files changed, 3 insertions, 16 deletions
diff --git a/krebs/5pkgs/Reaktor/plugins.nix b/krebs/5pkgs/Reaktor/plugins.nix
index 242373ced..a483db32c 100644
--- a/krebs/5pkgs/Reaktor/plugins.nix
+++ b/krebs/5pkgs/Reaktor/plugins.nix
@@ -59,7 +59,7 @@ rec {
};
sed-plugin = buildSimpleReaktorPlugin "sed-plugin" {
- path = [ pkgs.gnused pkgs.proot pkgs.python3 ];
+ path = [ pkgs.gnused pkgs.python3 ];
# only support s///gi the plugin needs to see every msg
# TODO: this will eat up the last regex, fix Reaktor to support fallthru
append_rule = true;
diff --git a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
index 6039aeb43..8103c9585 100644
--- a/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
+++ b/krebs/5pkgs/Reaktor/scripts/sed-plugin.py
@@ -34,22 +34,9 @@ if m:
flagstr = ''
last = d.get(usr,None)
if last:
+ #print(re.sub(fn,tn,last,count=count,flags=flags))
from subprocess import Popen,PIPE
- import shutil
- from os.path import realpath
- # sed only needs stdin/stdout, we protect state_dir with this
- # input to read/write arbitrary files:
- # s/.\/\/; w /tmp/i (props to waldi)
- # conclusion: sed is untrusted and we handle it like this
- p = Popen(['proot',
- # '-v','1',
- '-w','/', # cwd is root
- '-b','/nix/store', # mount important folders
- '-b','/usr',
- '-b','/bin',
- '-r','/var/empty', # chroot to /var/empty
- realpath(shutil.which('sed')),
- 's/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
+ p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
so,se = p.communicate(bytes("{}\n".format(last),"UTF-8"))
if p.returncode:
print("something went wrong when trying to process your regex: {}".format(se.decode()))