[13928] in bugtraq
Re: perl-cgi hole in UltimateBB by Infopop Corp.
daemon@ATHENA.MIT.EDU (Brock Sides)
Fri Feb 18 20:28:47 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10002180942120.14242-100000@koala.towery.com>
Date: Fri, 18 Feb 2000 09:45:48 -0600
Reply-To: Brock Sides <bsides@TOWERY.COM>
From: Brock Sides <bsides@TOWERY.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10002171020110.14242-100000@koala.towery.com>
On Thu, 17 Feb 2000, I wrote:
> Perl's tainting mechanism only comes into play if you are invoking an
> external command in some way: via system, exec, backticks, or opening a
> filehandle to or from a pipe. For example,
I need to correct myself here, before Randall does it for me. :)
Perl's tainting mechanism will also come into play when opening a
filehandle for writing:
[bsides@koala /tmp]$ cat splort.pl
#!/usr/bin/perl -T
$ENV{PATH}=''; # we need a safe path
$ENV{BASH_ENV}=''; # and a safe bash env
open(PW, ">$ARGV[0]") or die $!;
print PW "splort\nsplort\nsplort\n";
__END__
[bsides@koala /tmp]$ ./splort.pl splort
Insecure dependency in open while running with -T switch at ./splort.pl line 4.
--
Brock Sides
Unix Systems Administration
Towery Publishing
bsides@towery.com
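
An added Perl example, not part of the original message: it traps the same "Insecure dependency in open" error for a write through a command-line argument, then shows the write succeeding once the name has been untainted by a regex capture, and a read through the raw argument being allowed. The script name taint_open.pl, the helper names and the allow-list pattern are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original message.
# Run as: perl -T taint_open.pl taint_demo.txt   (constructed file name)
use strict;
use warnings;
use Scalar::Util qw(tainted);

my $name = shift @ARGV;
die "usage: perl -T taint_open.pl FILENAME\n" unless defined $name;

# Attempt an open in the given mode. Taint violations are fatal errors,
# so trap them with eval and return a description of what happened.
sub try_open {
    my ($mode, $path) = @_;
    my $ok = eval {
        open(my $fh, $mode, $path) or die "open failed: $!\n";
        close $fh;
        1;
    };
    return 'allowed' if $ok;
    chomp(my $err = $@);
    return "refused: $err";
}

# Print whether the path is tainted and whether the open was permitted.
sub report {
    my ($label, $mode, $path) = @_;
    my $state = tainted($path) ? 'tainted' : 'clean';
    print "$label [$state]: ", try_open($mode, $path), "\n";
}

# 1. Writing through a name taken straight from @ARGV is refused under -T.
report('write, raw argument  ', '>', $name);

# 2. Untaint by matching an allow-list pattern: only the captured text is
#    clean. This pattern accepts a plain file name in the current directory
#    (no slashes, no leading dot).
my ($safe) = $name =~ /\A(\w[\w.-]*)\z/
    or die "rejected file name: $name\n";
die "refusing to overwrite existing file $safe\n" if -e $safe;
report('write, validated name', '>', $safe);

# 3. Opening for reading through the raw argument is not a taint violation.
report('read, raw argument   ', '<', $name);

unlink $safe;    # remove the demo file created in step 2
```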