* doc/ref/guile-invoke.texi, doc/ref/scheme-scripts.texi:
describe the -e (module) shorthand as on equal footing with (@ ...)
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This commit adds protection to Guile's REPL servers against HTTP
inter-protocol exploitation attacks, a scenario whereby an attacker can,
via an HTML page, cause a web browser to send data to TCP servers
listening on a loopback interface or private network. See
<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
Attack (2001) by Tochen Topf <jochen@remote.org>.
Here we add a procedure to 'before-read-hook' that looks for a possible
HTTP request-line in the first line of input from the client socket. If
present, the socket is drained and closed, and a loud warning is written
to stderr (POSIX file descriptor 2).
* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use
'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description
of the --listen option, make the security warning more prominent.
Mention the new protection added here. Recommend using UNIX domain
sockets for REPL servers. "a path to" => "the file name of".
* libguile/vm.c (initialize_default_stack_size): New helper.
(scm_bootstrap_vm): Call initialize_default_stack_size.
* doc/ref/guile-invoke.texi (Environment Variables): Add docs.
Based on a patch by Stefan Israelsson Tampe.
* libguile/load.c (scm_ellipsis): New Variable.
(scm_parse_path_with_ellipsis): New procedure.
(scm_init_load): Initialize 'scm_ellipsis'.
(scm_init_load_path): Use 'scm_parse_path_with_ellipsis' to
handle GUILE_LOAD_PATH and GUILE_LOAD_COMPILED_PATH.
* libguile/load.h (scm_parse_path_with_ellipsis): Add prototype.
* doc/ref/guile-invoke.texi (Environment Variables):
doc/ref/api-evaluation.texi (Load Paths): Add documentation.
Correct description of default load path to reflect reality.
Remove 'GUILE_LOAD_PATH' from the concept index; it is already
in the variable index. Add cross references between these two
sections of the manual.
* module/ice-9/command-line.scm (*usage*): Attempt to suggest that
`--no-debug' doesn't inhibit debugging support.
* doc/ref/guile-invoke.texi (Command-line Options): Make it clear that
`--no-debug' doesn't inhibit debugging support. Reported by Manuel
Serrano.
* doc/ref/guile.texi (Programming in Scheme):
* doc/ref/scheme-scripts.texi (Guile Scripting): Moved "Invoking Guile"
to its own file.
* doc/ref/guile-invoke.texi (Invoking Guile): Initial revision. This
file contains the former section "Invoking Guile" that was included in
the chapter "Programming in Scheme" as a subsection named
"Command-line Options." It also includes a new subsection "Environment
Variables," which describes those variables that can be set in the
operating system before Guile is started and which affect Guile's
run-time behavior.
