BookmarkSubscribeRSS Feed
k4minou
Obsidian | Level 7

Hi,

 

I am wondering if there is a way to secure the file piping?

/* for example.. */
/* we scan the disk F with all its (sub)contents */
filename
	&fileDesc. pipe
	"@echo off & for /f ""delims="" %a in ('dir F: /s /b') do echo %~fa %~ta %~za"
	lrecl=32767;
%diskScan(&fileDesc., diskName = F);

/* now we have the full pathname to delete files, let's say a directory... */
filename
	&fileDesc. pipe
	"@echo off & rd F:\someDir2Remove /S /Q"
	lrecl=32767;
%diskScan(&fileDesc., diskName = F);

the macro %diskScan is a simple macro reading the &fileDesc. with few regex

 

As you can see, we can inject in the pipe some command that could be a serious problem.

 

Moreover, the other point is after the full scan, we can see the file that we are not supposed to see

 

So, is there a way to secure it (without disabling the pipe) ?

 

Thank you in advance for your reply/help

 

😃

10 REPLIES 10
andreas_lds
Jade | Level 19

If the user has the file-system-rights to delete the file, securing pipe would be of no use, because he/she could just use the fdelete function.

AngusLooney
SAS Employee

file pipe can be disabled entirely using the -noxcmd start up option, in facts, that's the default in most configurations. It's a difficult topic, XCMDs bring very significant and powerful capabilities, but Spiderman allies (great power, great responsibilities).

 

You can basically do whatever your user account is allowed to do, and if that means file deleting, you can.

 

So, it throws a focus on to the SAS environment being properly configured and setup, that end users DO NOT have permissions to write and delete inside the SAS configuration directory, etc.

 

Perhaps the greatest risk is that mistakes can happen, a bit of code to "delete files"  is fine when you use it as intended on "your" files, but the day you pass it a blank "directory" value, it ends up working on a directory you didn't intend, and merrily deletes everyone else's files.

k4minou
Obsidian | Level 7

Completely agreed with you on this 😃

 

That's why I wanted to know if there is a way to secure it (without disabling it lol)

k4minou
Obsidian | Level 7

The fdelete is only usefull if we know the full path, by default everything is partitionned here and each group of user can see the files they are supposed to see.

 

If I can see C:\Dir\File2Delete.txt then ofc I dont need to use weird way to delete it.

 

The main problem here is thanks to the piping, I can see the files I am not supposed to see, it also means that I know the full path name which can become the arg for my deletion (with fdelete or not) 😃

Kurt_Bremser
Super User

If you do not want that users have access to certain files, you need to properly set permissions on the operating system level. As long as users have a system account, they can use that outside of SAS to wreck your day (if you are the system admin, and were sloppy).

k4minou
Obsidian | Level 7

Thank you all for your kind replies 😃

 

I was not clear sorry ; I am only a regular user, I am not an administrator and have thus no actions on the server in terms of settings.

 

The current environnement :

• OS = WIN (X64_SRV12)
• SAS = 9.04.01M3P062415

 

Via Windows Explorer (even via dos command), the differents properties level are good - I can only access, read or write the files/directories that I am supposed to.

 

Same for SAS Guide Explorer, the partitioning of the differents files are good, I can only see/manipulate what I am supposed to see/manipulate

 

And the problem occurs with the piping... I can read full path filename then with a CP command, I can grab everything I want, I can even delete and all of this via piping command injection.

 

I have to report this problem to the administrators, but before to do it, I am here to know if there is any way to secure without disabling the piping (because I need the piping...)

 

Why I need it ? Because I want to dynamically mount a network disk that is not mounted by default, to work on it (maybe there is a specific function/command on SAS?)

 

I do it with these instructions 

filename
	&fileDesc. pipe
	"@echo off & NET USE T: /DELETE /Y & NET USE T: \\XXXX\ZZZ"
	lrecl=32767;
%diskScan(&fileDesc., diskName = T);

Thank you again in any case ^^

 

 

o(  ^   ^  )o Cheers!!! o(  ^   ^  )o

AngusLooney
SAS Employee

With Windows, you can usually just use the UNC, no need to mount it in order to be able to access it.

 

So, you can use  "\\xxxx\zzz\thefile.txt" as the path to the file, in an import for instance.

k4minou
Obsidian | Level 7

Thank you, but...

 

As I got some “unc path not supported” as errors, I gave up and finaly used the simplest and also fastest way; to mount a virtual network disk which is only existed during the session SAS

 

But yes, I firstly tried with UNC directly 😃

 

AngusLooney
SAS Employee

Well, if it won't work implicitly, you've got no choice. Odd though.

k4minou
Obsidian | Level 7

lol yes, if the server works well it will be easier for the rest of the world ^^

sas-innovate-2024.png

Available on demand!

Missed SAS Innovate Las Vegas? Watch all the action for free! View the keynotes, general sessions and 22 breakouts on demand.

 

Register now!

Mastering the WHERE Clause in PROC SQL

SAS' Charu Shankar shares her PROC SQL expertise by showing you how to master the WHERE clause using real winter weather data.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 10 replies
  • 1586 views
  • 6 likes
  • 4 in conversation