bug-gawk

Re: Can "gawk -i extension" be made safer?


From: Andrew J. Schorr
Subject: Re: Can "gawk -i extension" be made safer?
Date: Mon, 26 Jun 2023 09:43:07 -0400
User-agent: Mutt/1.5.21 (2010-09-15)

Hi Stephane,

On Sun, Jun 25, 2023 at 10:17:50AM +0100, Stephane CHAZELAS wrote:
...
> https://github.com/search?q=%22-i+inplace%22&type=code&p=2 a
> github code search for "-i inplace" returns 1.4k hits.
> Similar searches for comp.lang.awk or unix.stackexchange.com
> also return hundreds of hits. I don't see many mentioning
> $AWKPATH.
> 
> How many of these constitute security vulnerabilities or promote
> something that introduces vulnerabilities? Can't we do something
> about it?

Thanks for raising this issue; it's an interesting question.
But I think Arnold is correct that it would be problematic to change
gawk's established default behavior.

Here are a couple of thoughts/questions pertaining to this:

1. Should we consider patching extras/gawk.{sh,csh} to add
gawkpath_sanitize and gawklibpath_sanitize functions that remove any
directories from the path that are relative and not absolute?
You already provided the code for gawkpath_sanitize:

gawkpath_sanitize () {
        # Rebuild AWKPATH from only those entries that start with "/";
        # relative entries (including "." and empty ones) are dropped.
        export AWKPATH="$(LC_ALL=C gawk '
BEGIN {
        n = split(ENVIRON["AWKPATH"], dirs, ":")
        for (i = 1; i <= n; i++)
                if (substr(dirs[i], 1, 1) == "/") {
                        newawkpath = (newawkpath sep dirs[i])
                        sep = ":"
                }
        print newawkpath
}')"
}

And similarly for gawklibpath_sanitize. And we'll need C-shell versions.

2. Would a "safegawk" wrapper script that sanitizes the paths prior
to invoking gawk be useful? If so, should such a script be part of the
distribution or something that users should craft for themselves?

safegawk:

#!/bin/sh
# Load the gawkpath_sanitize/gawklibpath_sanitize shell functions
# (assumes extras/gawk.sh is installed as /etc/profile.d/gawk.sh).
. /etc/profile.d/gawk.sh

# Drop relative entries from AWKPATH and AWKLIBPATH, then run gawk.
gawkpath_sanitize
gawklibpath_sanitize

exec gawk "$@"

Regards,
Andy
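The sanitizers from point 1 written out as a single POSIX sh script, as an added example that is not code from this thread or from the gawk distribution: one helper serves both AWKPATH and AWKLIBPATH, needs no gawk to run, and goes a little beyond the posted function by also dropping empty entries and substituting a caller-chosen absolute fallback when nothing survives. The helper name keep_absolute_entries, the fallback directories and the demo value are assumptions.

```shell
#!/bin/sh
# Added example, not code from the bug-gawk thread: one POSIX sh helper that
# keeps only the absolute entries of a colon-separated search path, reused
# for both AWKPATH (-f/-i/@include) and AWKLIBPATH (-l/@load). It needs no
# gawk, so sanitizing does not depend on the very path being sanitized.

# keep_absolute_entries PATH FALLBACK
# Print PATH with every entry that does not start with "/" removed: that
# drops relative names such as "." or "lib" and empty entries (leading,
# trailing or doubled colons). If nothing survives, print FALLBACK so the
# caller never exports an empty value and leaves the choice to gawk's
# built-in default.
keep_absolute_entries() {
    kae_rest="$1:"      # trailing ":" so the final entry is seen as well
    kae_out=
    while [ -n "$kae_rest" ]; do
        kae_entry=${kae_rest%%:*}   # text before the first colon
        kae_rest=${kae_rest#*:}     # everything after that colon
        case $kae_entry in
            /*) kae_out="${kae_out:+$kae_out:}$kae_entry" ;;  # absolute: keep
            *)  ;;                                             # relative or empty: drop
        esac
    done
    printf '%s\n' "${kae_out:-$2}"
}

# The fallback directories are assumptions matching gawk's usual install
# prefix; adjust them to the local installation.
gawkpath_sanitize() {
    AWKPATH=$(keep_absolute_entries "${AWKPATH-}" /usr/local/share/awk)
    export AWKPATH
}

gawklibpath_sanitize() {
    AWKLIBPATH=$(keep_absolute_entries "${AWKLIBPATH-}" /usr/local/lib/gawk)
    export AWKLIBPATH
}

# Demonstration on a constructed value: "lib", the empty entry and "." are
# dropped; the two absolute directories are kept in their original order.
AWKPATH='lib::/opt/awk/lib:.:/usr/local/share/awk'
gawkpath_sanitize
printf 'AWKPATH=%s\n' "$AWKPATH"   # AWKPATH=/opt/awk/lib:/usr/local/share/awk
```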
