mirror of
https://git.savannah.gnu.org/git/guile.git
synced 2025-06-04 11:10:27 +02:00
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>

This commit adds protection to Guile's REPL servers against HTTP inter-protocol exploitation attacks, a scenario whereby an attacker can, via an HTML page, cause a web browser to send data to TCP servers listening on a loopback interface or private network. See <https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and <https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol Attack (2001) by Jochen Topf <jochen@remote.org>.

Here we add a procedure to 'before-read-hook' that looks for a possible HTTP request-line in the first line of input from the client socket. If present, the socket is drained and closed, and a loud warning is written to stderr (POSIX file descriptor 2).

* module/system/repl/server.scm: Add 'maybe-check-for-http-request' to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use 'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description of the --listen option, make the security warning more prominent. Mention the new protection added here. Recommend using UNIX domain sockets for REPL servers. "a path to" => "the file name of".
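The guard the commit message describes, modelled in Python as an added illustration (this is not Guile's Scheme code from module/system/repl/server.scm): peek at the client's first line without consuming it, treat anything shaped like an HTTP request-line as a browser-originated connection, drain it, close it and warn on stderr. The function names, the 0.2 s drain timeout and the socketpair input in `simulate` are my own assumptions and constructed data.

```python
import io
import re
import socket
import sys

# Permissive shape of an HTTP request-line: method SP target SP HTTP/x.y.
# Deliberately loose: better to reject an odd REPL client than to let a
# browser-originated request reach the reader.
_REQUEST_LINE = re.compile(r"^[A-Za-z]{3,10} \S+ HTTP/\d\.\d\r?$")

def permissive_http_request_line(line: str) -> bool:
    """True if LINE looks like the first line of an HTTP request."""
    return _REQUEST_LINE.match(line) is not None

def guard_against_http_request(conn: socket.socket, log=sys.stderr) -> bool:
    """Inspect the client's first line without consuming it (MSG_PEEK).

    Returns True when the connection was identified as HTTP, drained and
    closed; False when the input is left untouched for the REPL to read."""
    head = conn.recv(4096, socket.MSG_PEEK)
    # Decode byte-for-byte (latin-1 never fails) so binary input cannot raise,
    # mirroring the temporary port encoding used by the real check.
    first_line = head.decode("latin-1").split("\n", 1)[0]
    if not permissive_http_request_line(first_line):
        return False
    log.write("WARNING: possible HTTP inter-protocol attack detected; "
              f"closing REPL connection after {first_line.rstrip()!r}\n")
    # Drain the rest of the request, bounded by a timeout (assumed value)
    # because a browser may keep the socket open waiting for a response.
    conn.settimeout(0.2)
    try:
        while conn.recv(4096):
            pass
    except OSError:
        pass
    conn.close()
    return True

def simulate(client_bytes: bytes) -> tuple:
    """Run the guard over constructed CLIENT_BYTES sent on a socketpair.
    Returns (closed, bytes still readable by the REPL, warning text)."""
    server, client = socket.socketpair()
    client.sendall(client_bytes)
    client.shutdown(socket.SHUT_WR)  # client done writing: EOF after data
    log = io.StringIO()
    closed = guard_against_http_request(server, log)
    leftover = b"" if closed else server.recv(4096)
    if not closed:
        server.close()
    client.close()
    return closed, leftover, log.getvalue()
```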