bemoody / lightwave
LightWAVE is a lightweight waveform and annotation viewer and editor.
Home Page: http://physionet.org/lightwave/
sandboxed-lightwave (0.71) works on glibc 2.31-13+deb11u6 (bullseye) and doesn't work on glibc 2.36-9 (bookworm).
The reason is that glibc now uses the newfstatat system call, instead of fstat or fstat64, to implement the fstat library function.
(The LightWAVE sandbox can't allow newfstatat(fd, "", &s, AT_EMPTY_PATH) - equivalent to fstat(fd, &s), which is safe - without also allowing newfstatat(fd, "foo", &s, AT_EMPTY_PATH) - roughly equivalent to fchdir(fd), stat("foo", &s), which is dangerous. The design of AT_EMPTY_PATH is silly.)
Now, this is really only a theoretical problem, for a bunch of reasons:
As far as I know, neither WFDB nor LightWAVE currently requires fstat. libFLAC does, but not if the caller provides its own file I/O callbacks (which WFDB does.) glibc uses fstat in an advisory fashion and has sensible fallback behavior when it fails.
If sandboxed-lightwave is invoked by a trusted caller (which can guarantee not to pass any directory file descriptors), then there isn't any problem with allowing newfstatat. Note, for example, that physionet-build uses the close_fds argument to subprocess.Popen. The sandbox doesn't allow execve, and sets no-new-privs, so sandboxed-lightwave can't invoke itself.
The reason directory FDs are dangerous to begin with is that they allow escaping from an external chroot. We don't use chroot for security at the system level, and probably anybody else should be using a filesystem namespace rather than chroot alone.
On PhysioNet, if somebody is able to find some incredibly complicated exploit that lets them reveal the existence / size / modification time of some known filesystem path? Big deal.
That said, I don't like the idea of releasing lightwave with a known security vulnerability. These are the options I see:
Make newfstatat fail with ENOSYS or something.
Use lightwave in unprivileged (user-namespace) mode.
Link sandboxed-lightwave with some other libc, or with a hacked version of glibc.
Add more complicated contortions to sandbox.c, to prevent callers from passing any directory FD.
Add more complicated contortions to sandbox.c, to refuse to run in a chrooted environment.
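One way the directory-FD option listed above could be checked at startup, as an added example that is not part of the original issue or of LightWAVE's sandbox.c: scan /proc/self/fd before the filter is installed and refuse to run if any inherited descriptor is a directory. The name count_directory_fds is hypothetical, and the sketch assumes Linux with /proc mounted.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not part of LightWAVE's sandbox.c: count the open
   descriptors that refer to directories.  Returns -1 if /proc/self/fd is
   unreadable, so the caller can fail closed. */
int count_directory_fds(void)
{
    DIR *d = opendir("/proc/self/fd");
    struct dirent *e;
    int n = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        struct stat st;
        if (end == e->d_name || *end != '\0')
            continue;               /* "." and ".." are not descriptors */
        if (fd == dirfd(d))
            continue;               /* the scanner's own handle */
        if (fstat((int)fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;
    }
    closedir(d);
    return n;
}

/* Must run before the seccomp filter is installed: the scan opens and
   stats files, which the filter may not permit afterwards. */
int main(void)
{
    int n = count_directory_fds();
    if (n != 0) {
        fprintf(stderr, "refusing to start: %s\n",
                n < 0 ? "cannot inspect descriptors"
                      : "inherited a directory descriptor");
        return 1;
    }
    /* ...install the sandbox and continue as usual... */
    return 0;
}
```

The check covers only open descriptors; the process's current and root directories are not descriptors and are outside what it inspects.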
Would be good to explicitly specify the versions of the following dependencies:
Hello,
I'm trying to run lightwave locally with our own database of ECG signals that we've been collecting. When our database is loaded on lightwave, is there a way for one to annotate the signals, and download the data with annotations?