Await safety uncertain in agoric-cli/src/cosmos.js #6235

Closed
erights opened this issue Sep 16, 2022 · 0 comments · Fixed by #6739
Labels
bug Something isn't working

erights commented Sep 16, 2022

```js
const exitStatus = await pspawn('docker', ['pull', IMAGE]);
```

The triage at #6219 currently classifies this as

```js
// This await is safe because "terminal-control-flow"
```

and suppresses the warning. However, at https://github.com/Agoric/agoric-sdk/pull/6219/files#r972609594 @dtribble says

> I disagree here. Since the line below the if is a recursive call, if opts.dockerTag && ! popts.pull then this will infinite loop within a turn.

Git blame shows @michaelfig as the one who should probably investigate this, so I'm assigning to them. Feel free to reassign as appropriate of course. Since @dtribble noticed the unsafety I missed, adding him too.

Because @dtribble also writes

> That's not something an attacker can supply, so this is low risk.

I omit the security label.
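
Added example, not part of the issue and not the code from agoric-cli/src/cosmos.js: a constructed sketch of why an await nested in an `if` only counts as "terminal-control-flow" when nothing runs after the branch. All names (`pullImage`, `runUnsafe`, `runSafe`, `ranInCallersTurn`) are hypothetical, and `pullImage` stands in for the `pspawn('docker', ['pull', IMAGE])` call.

```javascript
// Constructed example. pullImage stands in for pspawn('docker', ['pull', IMAGE]);
// every name here is hypothetical and not taken from cosmos.js.
const pullImage = async () => 0; // pretend the pull exits with status 0

// Hazard: the await is nested in an `if`, and more code runs after the `if`.
async function runUnsafe(pull, log) {
  if (pull) {
    const exitStatus = await pullImage();
    if (exitStatus) return exitStatus;
  }
  // Reached in the caller's own turn when `pull` is false,
  // but only in a later turn when `pull` is true.
  log.push('after-if');
  return 0;
}

// Turn-stable variant: an unconditional top-level await comes first, so the
// code after it runs in a later turn on every path.
async function runSafe(pull, log) {
  await null;
  if (pull) {
    const exitStatus = await pullImage();
    if (exitStatus) return exitStatus;
  }
  log.push('after-if');
  return 0;
}

// True when the code after the `if` ran synchronously, before control
// returned to the caller.
function ranInCallersTurn(fn, pull) {
  const log = [];
  fn(pull, log); // start the async function without waiting for it
  return log.includes('after-if');
}

console.log({
  unsafeSkipsBranch: ranInCallersTurn(runUnsafe, false),
  unsafeTakesBranch: ranInCallersTurn(runUnsafe, true),
  safeSkipsBranch: ranInCallersTurn(runSafe, false),
  safeTakesBranch: ranInCallersTurn(runSafe, true),
});
```

Only `runUnsafe` with the branch skipped reaches the code after the `if` inside the caller's turn, which is the path the review comment is about.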
