Should we disallow calling `execute_command_line`?

[milancurcic]

It's currently allowed and users can run shell commands in the container. Should we disallow calling execute_command_line, even considering #46?

[awvwgk]

There is also the extension system which can run shell commands and we can still popen a process via bind(c). Best would be to strip down our docker image to only include the necessary libraries. Not having wget and curl might already help, don't know whether we can delete the shell and have fpm still work. Maybe a distroless container might be useful.

[ivan-pi]

Would it be possible to inject code (or maybe a preprocessor define) that overwrites these functions and force them to generate a compile-time error? But I guess even this can be overridden with a declaration such as?

intrinsic :: execute_command_line

Perhaps it's possible to remove the symbol from libgfortran.a (or the shared library)?

[arjenmarkus]

You can do so with inserting a "use module" - I sent an example to Milan and Sebastian, see below: ! chk_exec.f90 -- ! Can I override execute_command_line? ! module workaround_exec implicit none intrinsic :: execute_command_line end module workaround_exec module dummy_exec implicit none contains subroutine execute_command_line( string ) character(len=*) :: string write(*,*) "Dummy execution of: " // trim(string) end subroutine execute_command_line end module dummy_exec program chk_exec use dummy_exec use workaround_exec !intrinsic :: execute_command_line call execute_command_line( "echo Hello!" ) end program chk_exec I tested this with Intel Fortran and gfortran - both give errors with either the intrinsic statement or the use of the other module. Regards, Arjen Op di 13 sep. 2022 om 21:24 schreef Ivan Pribec ***@***.***>:

…

Would it be possible to inject code (or maybe a preprocessor define) that overwrites these functions and force them to generate a compile-time error? But I guess even this can be overridden with a declaration such as? intrinsic :: execute_command_line Perhaps it's possible to remove the symbol from libgfortran.a (or the shared library)? — Reply to this email directly, view it on GitHub <#47 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAN6YR55GJYRE2MKHCHPWGLV6DIIRANCNFSM6AAAAAAQLTDLDA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[milancurcic]

Thank you @ivan-pi and @arjenmarkus. Both are viable, but rather than injecting code we can detect the offending code in the function that processes the request, and return a helpful error message to the frontend.

Alternatively, we could disallow it on the frontend. The user would still be able to submit such code directly to the API until #34 is resolved.