1
Fork 0
mirror of https://git.savannah.gnu.org/git/guile.git synced 2025-05-03 05:20:16 +02:00
guile/doc
Mark H Weaver 08c021916d REPL Server: Guard against HTTP inter-protocol exploitation attacks.
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>

This commit adds protection to Guile's REPL servers against HTTP
inter-protocol exploitation attacks, a scenario whereby an attacker can,
via an HTML page, cause a web browser to send data to TCP servers
listening on a loopback interface or private network.  See
<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
Attack (2001) by Tochen Topf <jochen@remote.org>.

Here we add a procedure to 'before-read-hook' that looks for a possible
HTTP request-line in the first line of input from the client socket.  If
present, the socket is drained and closed, and a loud warning is written
to stderr (POSIX file descriptor 2).

* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use
'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description
of the --listen option, make the security warning more prominent.
Mention the new protection added here.  Recommend using UNIX domain
sockets for REPL servers.  "a path to" => "the file name of".
2016-10-11 11:29:09 +02:00
..
maint Placate a number of `syntax-check' verifications. 2012-01-05 23:38:10 +01:00
r5rs doc: Allow compilation of r5rs.texi with Texinfo 5.0. 2013-03-07 00:05:46 +01:00
ref REPL Server: Guard against HTTP inter-protocol exploitation attacks. 2016-10-11 11:29:09 +02:00
.gitignore More `.gitignore'. 2008-04-07 23:48:48 +02:00
BUGS
ChangeLog-2008 Rename ChangeLog' files to ChangeLog-2008'. 2008-09-12 21:49:58 +02:00
ChangeLog-guile-doc
gendocs_template Update Gnulib to 6835fc458f30b94f15d69c35a79cbc2dfabe2d06. 2016-06-29 11:32:05 +02:00
gendocs_template_min Update Gnulib to 6835fc458f30b94f15d69c35a79cbc2dfabe2d06. 2016-06-29 11:32:05 +02:00
goops.mail
groupings.alist Change Guile license to LGPLv3+ 2009-06-17 00:22:09 +01:00
guile-api.alist Deprecate scm_array_fill_int() 2013-04-05 22:54:14 +02:00
guile.1 Fix typo in the man page. 2015-06-19 15:44:24 -04:00
hacks.el
Makefile.am Remove doc/example-smob/ 2014-04-28 17:46:59 +02:00
NEWS merge from 1.8 branch 2006-04-16 23:18:55 +00:00
README Remove doc/example-smob/ 2014-04-28 17:46:59 +02:00
recipe-guidelines.txt
release.org doc: Update `release.org'. 2013-04-10 01:09:28 +02:00
texinfo.tex autotooling, version bump to 0.7 2008-05-20 12:10:18 +02:00
THANKS
use-cases.fig
use-cases.txt

This directory contains documentation on the Guile core.         -*-text-*-

The documentation consists of the following manuals.

- The Guile Tutorial (guile-tut.texi) contains a tutorial introduction
  to using Guile.

- The Guile Reference Manual (guile.texi) contains (or is intended to
  contain) reference documentation on all aspects of Guile.

- The Revised^5 Report on the Algorithmic Language Scheme (r5rs.texi).

Please be aware that this is all very much work in progress (apart
from the Revised^5 Report).  Bug reports and contributions are
welcome!

The `sources' directory includes some stuff relevant to the Guile
reference manual, and which may eventually be folded in to it.  It's
not immediately relevant, however, which is why it's not in this
directory.

The Revised^4 Report (r4rs.texi) is no longer in this distribution, as
it is completely superseded by the Revised^5 Report.  If you need to
consult R4RS, it is still widely available, for example at
http://www-swiss.ai.mit.edu/projects/info/SchemeDocs/r4rs/.