[Haskell-cafe] More on the random idea
Isaac Dupree
isaacdupree at charter.net
Sun May 27 07:51:03 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Donald Bruce Stewart wrote:
> I've listed the mechanisms we use, and exploits that have been thought
> of, or discovered, over the years, on the page:
>
> http://haskell.org/haskellwiki/Safely_running_untrusted_Haskell_code
>
Lambdabot uses is the technique of using a space at the beginning of the
line to make sure it doesn't do anything special.
However, it seems currently for multiple lines (long string or error
string) it only puts a space if the first character is '@' ('?', '>',
'/', '\001', '\000' are all sent literally). This behavior seems odd
(why do it for '@'? and why not always a space?). In XChat the '\000'
prevented the rest of the message from appearing, in the unescaped
version produced by 'error'.
Try (with any string in place of "?botsnack")
@run (\str -> replicate 198 'a' ++ str ++ replicate (199 - length str)
' ') "?botsnack"
or
@run (\str -> error (replicate 188 'a' ++ str)) "?botsnack"
(at least lambdabot doesn't respond to itself:)
Isaac
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGWXCmHgcxvIWYTTURAkrlAKCcxS/kjtqtJCwZl3SrV7q7QyOL0QCgpeKS
9crkBNfI4QYzCn9P+2f7gCk=
=8Tsr
-----END PGP SIGNATURE-----
More information about the Haskell-Cafe
mailing list