Revert "k 5 Reaktor: harden sed-plugin"
This reverts commit dbb25f7288
.
This commit is contained in:
parent
151ca19a6e
commit
d430a1fa40
@ -59,7 +59,7 @@ rec {
|
||||
};
|
||||
|
||||
sed-plugin = buildSimpleReaktorPlugin "sed-plugin" {
|
||||
path = [ pkgs.gnused pkgs.proot pkgs.python3 ];
|
||||
path = [ pkgs.gnused pkgs.python3 ];
|
||||
# only support s///gi the plugin needs to see every msg
|
||||
# TODO: this will eat up the last regex, fix Reaktor to support fallthru
|
||||
append_rule = true;
|
||||
|
@ -34,22 +34,9 @@ if m:
|
||||
flagstr = ''
|
||||
last = d.get(usr,None)
|
||||
if last:
|
||||
#print(re.sub(fn,tn,last,count=count,flags=flags))
|
||||
from subprocess import Popen,PIPE
|
||||
import shutil
|
||||
from os.path import realpath
|
||||
# sed only needs stdin/stdout, we protect state_dir with this
|
||||
# input to read/write arbitrary files:
|
||||
# s/.\/\/; w /tmp/i (props to waldi)
|
||||
# conclusion: sed is untrusted and we handle it like this
|
||||
p = Popen(['proot',
|
||||
# '-v','1',
|
||||
'-w','/', # cwd is root
|
||||
'-b','/nix/store', # mount important folders
|
||||
'-b','/usr',
|
||||
'-b','/bin',
|
||||
'-r','/var/empty', # chroot to /var/empty
|
||||
realpath(shutil.which('sed')),
|
||||
's/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
|
||||
p = Popen(['sed','s/{}/{}/{}'.format(f,t,flagstr)],stdin=PIPE,stdout=PIPE )
|
||||
so,se = p.communicate(bytes("{}\n".format(last),"UTF-8"))
|
||||
if p.returncode:
|
||||
print("something went wrong when trying to process your regex: {}".format(se.decode()))
|
||||
|
Loading…
Reference in New Issue
Block a user