From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: 
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: 
X-Spam-Status: No, score=-4.2 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
	T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=ham autolearn_force=no
	version=3.4.6
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id 5B4A11F518
	for ; Wed, 29 May 2024 19:35:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org;
	s=selector1; t=1717011319;
	bh=eLXL8578IwJSEnZMIjAN/2hxhKr/LsCI6NDVKUILzMM=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=0PPHqOje/B/CrhyfJiVj65nVZrHZCE4pXz89OeOJJlrqenkws44WmJfsuFvMuJNwL
	 HH2QXf2zzpQYKnA0xblX3erCJVAQG5kXGBiO7Fy5qGDDGBGMQzv6wECD6xQQWFLr7a
	 swekbHruXMl/e+VhhVJkcw0RgEgWUQYjpMsL+h34=
Date: Wed, 29 May 2024 19:26:48 +0000
From: Eric Wong 
To: meta@public-inbox.org
Subject: Re: [PATCH] search: forbid getopt(3) switch injection in query
Message-ID: <20240529192648.M314167@dcvr>
References: <20240528212502.4001299-1-e@80x24.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20240528212502.4001299-1-e@80x24.org>
List-Id: 

Pushed with updated commit message:

1: 39ee8b08 ! 1: 3b7427bf search: forbid getopt(3) switch injection in query @@ Commit message Getopt::Long; so we use `--' to separate the query string from switches. - Fortunately, this doesn't allow writes to on-disk Xapian DBs, - but causes aborts on some searches or nonsensical results when - using the optional external xap_helper processes. There's no - risk of data leaks since the mset xap_helper endpoint only - returns document IDs (unsigned integers), and not terms. + Consequences of this bug were limited to a single broken HTTP + response for the requesting client. - The biggest danger is may run systems out of space if the system - is configured to write out core dumps. 
+ It didn't didn't allow writes to on-disk Xapian DBs, but caused + aborts on some searches or nonsensical results when using the + optional external xap_helper processes. There was no risk of + data leaks since the mset xap_helper endpoint only returns + document IDs (unsigned integers), and not terms. + + The biggest danger from this bug was that it could run systems + out of space if they are configured to write out core dumps. ## lib/PublicInbox/Search.pm ## @@ lib/PublicInbox/Search.pm: sub async_mset {
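Review bot: the replacement paragraph in the `@@ Commit message` hunk carries a doubled word, `+ It didn't didn't allow writes to on-disk Xapian DBs`; since this is the message being pushed, drop one "didn't" (the removed wording, "Fortunately, this doesn't allow writes", had it right). Otherwise the rewrite is an improvement: leading with the concrete impact, a single broken HTTP response for the requesting client, and giving the core-dump disk-space risk its own paragraph, states the severity more plainly than the old "The biggest danger is may run systems out of space" line it replaces. The second hunk header, `@@ lib/PublicInbox/Search.pm: sub async_mset {`, arrives with no body here, so there is nothing to review for the code change itself.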