tags:
views: 64
answers: 3

So I was thinking of writing an IRC bot/bot extension that lets users play certain text-based games by starting the game,

sending parts of certain lines they enter (regexp match for the game signal if not in the bot's channel, e.g. "rbot gamename enter the forest" sends "enter the forest") to the stdin of the game,

while the stdout of the game is cached by the bot and then piped to the channel (e.g. "let us rejoice for the duck has been defeated" gets read into a line cache inside the bot and then the bot sends it to the appropriate channel as

gamename: let us rejoice for

gamename: the duck has been defeated)

But I'm sort of worried about the tricky things people on IRC might do. Would stripping all non-printable characters be enough for safety? If a program quits (say they enter the quit command for the game), what happens when you try writing to the file descriptor for that program's stdin (error?)? Any other potential problems? Note I'm going to run this on Linux or *BSD so I don't need to worry about Windows-specific things.

+1  A: 

escaping quotes and pipe will keep you safe from most stuff

" ' |
Crayon Violent
What does the pipe do? I can see the single and double quotes for SQL injection... (but this might not be a DB-powered system). However, if this was MySQL injection, you're forgetting the backslash, which is equally dangerous.
Rook
Sorry, forgot about the backslash. But anyway, for the pipe: I assume this is an irssi script being run from the command line... breaking out of quotes + | = attacker having a field day in your shell.
Crayon Violent
A pipe is just an "or". The characters are |*?~<>^()[]{}$\, \x0A and \xFF, ' and " and ` (http://php.net/manual/en/function.escapeshellcmd.php)
Rook
+2  A: 

Some basics you might want to consider:

  • It's much safer to allow text through that you know is safe than to try and filter out text that you think might not be safe. The games probably accept only alphanumeric characters, so check to see if the input contains only those values, and deny anything else.
  • Run the bot under an account that has the lowest permissions possible, and as limited access to the rest of the machine as possible. If you can sandbox or virtualize it completely, even better.
  • You should be watching the PID of the child process for termination, and decide what to do if it exits: restart it, fail further commands, exit the bot, etc.

There are any number of possible security issues whenever you expose services to the network; you would do well to read about general secure programming topics. A quick Google search turns up this how-to, for example.

It pays to be paranoid. Without following proper secure programming practices, the most you can hope for is that nobody gives an honest try at breaking it.

Brook Miles
Is a restricted shell (like rbash) worth anything?
Roman A. Taycher
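Added example (not code from the question or from either answer above): the three points in this answer, plus the earlier answer's point about shell metacharacters, in one Python 3 script. Input is checked against an allowlist instead of being escaped; the game is started from an argv list so no shell is involved; the child is watched with poll()/wait(), and a write after the game has quit is reported back instead of crashing the bot (Python ignores SIGPIPE at startup, so EPIPE arrives as BrokenPipeError). The "game" here is a constructed stand-in that echoes commands and exits on "quit"; the allowlist, the "gamename" prefix and the sample commands are assumptions.

```python
import queue
import re
import subprocess
import sys
import threading

# Allowlist for commands forwarded to the game: letters, digits, space and a little
# punctuation, 1..200 characters. Anything else (shell metacharacters, CR/LF,
# control bytes, non-ASCII) is refused outright rather than "escaped". The set is
# an assumption; widen it only to what the actual game parser needs.
ALLOWED = re.compile(r"[A-Za-z0-9 ,.'!?-]{1,200}")


def is_safe_command(text):
    return ALLOWED.fullmatch(text) is not None


# Constructed stand-in for a text adventure (a real bot would put the game binary
# here). It echoes each command and exits on "quit". Note the argv list: no shell
# is involved in starting the game, so quotes and pipes have nothing to break out of.
FAKE_GAME = [sys.executable, "-u", "-c",
             "import sys\n"
             "for line in sys.stdin:\n"
             "    cmd = line.strip()\n"
             "    if cmd == 'quit':\n"
             "        print('Goodbye.')\n"
             "        break\n"
             "    print('You ' + cmd + '.')\n"]


class GameProcess:
    """One running game: a pipe to its stdin and a reader thread caching its stdout."""

    def __init__(self, argv=FAKE_GAME, name="gamename"):
        self.name = name
        self.proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                                     stderr=subprocess.DEVNULL, text=True, bufsize=1)
        self.cache = queue.Queue()
        self.reader = threading.Thread(target=self._pump, daemon=True)
        self.reader.start()

    def _pump(self):
        # Runs until EOF, i.e. until the child exits and the pipe's write end closes.
        for line in self.proc.stdout:
            self.cache.put(line.rstrip("\n"))

    def send(self, text):
        """Forward one command to the game. Returns (ok, reason) instead of raising."""
        if not is_safe_command(text):
            return False, "rejected: characters outside the allowlist"
        if self.proc.poll() is not None:   # also reaps the child if it has exited
            return False, "game already exited with status %d" % self.proc.returncode
        try:
            self.proc.stdin.write(text + "\n")
            self.proc.stdin.flush()
        except OSError as exc:
            # Writing to a pipe whose read end is gone gives EPIPE. Python ignores
            # SIGPIPE at startup, so it surfaces as BrokenPipeError (an OSError)
            # rather than killing the bot; a C program that does not ignore SIGPIPE dies.
            self.proc.wait()
            return False, "game exited during write (%s), status %d" % (
                exc.__class__.__name__, self.proc.returncode)
        return True, "sent"

    def wait_for_exit(self, timeout=5.0):
        """Block until the child is gone and all of its output is in the cache."""
        rc = self.proc.wait(timeout=timeout)
        self.reader.join(timeout=timeout)
        try:
            self.proc.stdin.close()
        except OSError:
            pass
        return rc

    def flush_to_channel(self):
        """Drain the line cache into channel-ready lines, one per game output line."""
        out = []
        while True:
            try:
                out.append("%s: %s" % (self.name, self.cache.get_nowait()))
            except queue.Empty:
                return out


def demo_session():
    """Drive the fake game through a normal command, a rejected one, quit, and a
    write after exit; returns the send results and the cached channel output."""
    game = GameProcess()
    results = [game.send("enter the forest"),
               game.send("look; rm -rf ~"),
               game.send("quit")]
    game.wait_for_exit()
    results.append(game.send("look"))       # the game is gone: reported, not crashed
    return results, game.flush_to_channel()


if __name__ == "__main__":
    results, lines = demo_session()
    for r in results:
        print(r)
    for line in lines:
        print(line)
```

The poll() check before each write is what "watching the PID" looks like in practice; without it the first hint that the game is gone is EPIPE on the write, and without Python's default SIGPIPE handling that would be a dead bot.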
A: 

It doesn't matter where the user input is coming from; it matters how it's used.

The one attack that affects IRC is CRLF injection. This will come up for you if you echo back user input over IRC. An attacker could try and inject a carriage return (\r) line feed (\n). This type of injection affects many protocols, including HTTP and SMTP. In the case of IRC the attacker would be able to force your bot to send a command to the IRCD (like /join or /kick or /ban :). Make sure to look at an ASCII table and filter out all 0x0A (\n) and 0x0D (\r). In most cases the new line is enough, so make sure you filter for both.

Make sure you read over OWASP A1: Injection, especially if you are using user input in a SQL query or invoking a process on the command line.

Rook
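Added example, not code from this answer: the CRLF injection described above on the bot's output side, in Python 3. privmsg_unsafe embeds game output verbatim and server_side_commands shows how an IRCD would split the result into two commands; privmsg strips CR, LF and the other control characters first, then splits the text so every wire line fits in the 512-byte IRC message limit (the same job as the question's line cache). The channel name, the "gamename: " prefix and the sample text are made up.

```python
import re

IRC_MAX_LINE = 512  # bytes per IRC message, including the trailing CRLF (RFC 1459/2812)

# Every C0 control character plus DEL. CR (0x0D) and LF (0x0A) are the dangerous
# ones; the rest are stripped too so colour/format bytes cannot reach clients.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_for_irc(text):
    """Strip control characters from text that will be embedded in an IRC command.
    The IRCD ends a command at CRLF (most also accept a bare LF), so a CR/LF inside
    game output or user text would let the sender run extra commands as the bot."""
    return _CONTROL.sub("", text)


def server_side_commands(wire):
    """How an IRCD parses a byte string: one command per line terminator."""
    return [c for c in re.split(r"\r?\n", wire) if c]


def privmsg_unsafe(target, text, prefix="gamename: "):
    """Vulnerable: embeds text verbatim, so a CRLF in text becomes a second command."""
    return "PRIVMSG %s :%s%s\r\n" % (target, prefix, text)


def _wrap(text, budget):
    """Greedy word wrap on UTF-8 byte length; words longer than budget are hard-split."""
    out, cur = [], ""
    for word in text.split(" "):
        while len(word.encode("utf-8")) > budget:
            cut = budget
            while len(word[:cut].encode("utf-8")) > budget:
                cut -= 1          # back off so a multibyte character is not split
            if cur:
                out.append(cur)
                cur = ""
            out.append(word[:cut])
            word = word[cut:]
        cand = word if not cur else cur + " " + word
        if len(cand.encode("utf-8")) <= budget:
            cur = cand
        else:
            out.append(cur)
            cur = word
    if cur:
        out.append(cur)
    return out


def privmsg(target, text, prefix="gamename: "):
    """Hardened: control characters removed, then split into wire-ready lines that
    each fit in IRC_MAX_LINE bytes including the CRLF the bot appends itself."""
    head = "PRIVMSG %s :%s" % (target, prefix)
    budget = IRC_MAX_LINE - 2 - len(head.encode("utf-8"))
    return [head + piece + "\r\n" for piece in _wrap(sanitize_for_irc(text), budget)]


if __name__ == "__main__":
    payload = "the duck has been defeated\r\nJOIN #evil"   # constructed hostile game output
    print(server_side_commands(privmsg_unsafe("#games", payload)))
    print(server_side_commands("".join(privmsg("#games", payload))))
```

Stripping rather than escaping is the right move here: IRC has no escape sequence that makes a CR or LF safe inside a PRIVMSG, so the only correct output is one without them. The byte budget is computed from the encoded prefix because the 512-byte limit counts bytes, not characters.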