[Info-vax] Command Line Versus Command Line
Arne Vajhøj
arne at vajhoej.dk
Fri May 24 09:42:49 EDT 2024
On 5/24/2024 9:32 AM, Michael S wrote:
> On Fri, 24 May 2024 08:13:04 -0400
> Arne Vajhøj <arne at vajhoej.dk> wrote:
>> As illustrated by the Rust issue.
>
> I was not able to figure out what exactly Rust guys were trying to
> achieve. Feeding cmd.exe with command line from untrusted source and
> expecting no harm sounds like mission impossible.
> That is, impossible when you run cmd.exe under privileged account.
> It is possible when you run it under sufficiently deprived account, but
> that is orthogonal to parsing of command line.
>
To my very limited understanding then the problem was that:
Command::new("program").arg("a1").arg("a2")
ended up as:
program a1 a2
not:
program "a1" "a2"
which is fine but is also meant that:
Command::new("program").arg("a1").arg("a2 x y z")
ended up as:
program a1 a2 x y z
not:
program "a1" "a2 x y z"
which is not so fine.
It is definitely a functional problem.
And if the security depends on program treating the two
arguments securely, then it is also a security problem.
Arne
More information about the Info-vax
mailing list