[13944] in bugtraq


Re: perl-cgi hole in UltimateBB by Infopop Corp.

daemon@ATHENA.MIT.EDU (Bennett Todd)
Mon Feb 21 16:09:32 2000

Message-Id:  <20000218172745.I2654@rahul.net>
Date:         Fri, 18 Feb 2000 17:27:45 -0500
Reply-To: Bennett Todd <bet@RAHUL.NET>
From: Bennett Todd <bet@RAHUL.NET>
X-To:         Brock Sides <bsides@TOWERY.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.10.10002180942120.14242-100000@koala.towery.com>;
              from bsides@TOWERY.COM on Fri, Feb 18, 2000 at 09:45:48AM -0600


2000-02-18-10:45:48 Brock Sides:
> Perl's tainting mechanism will also come into play when opening a
> filehandle for writing:

What's more, it's available to user code. perlsec(1) gives an
example routine that can check the taintedness of a variable, and
the Taint module makes it really painless.

DBI.pm offers a Taint option to taint-check data passed to it; this
offers some hope of addressing the rash of bugs in weirdo data with
SQL embedded in it being passed through CGIs and into a relational
database (ref RFP2K01, recently posted to this list).

I'm hoping it's possible that the new (development track perl)
feature for I/O disciplines may allow you to bolt a routine over the
front of an I/O handle that taint checks everything written to it;
that'd make a nice clean way of dealing with the whole
cross-site-scripting problem.

-Bennett

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4rcdhL6KAps40sTYRAfToAJ0atZAeXN2wHTQ8nSvCqgoYAhCrMQCfbBnh
hHpVW5W8NWVxsve+d5KUZOU=
=ZOLW
-----END PGP SIGNATURE-----

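The three mechanisms the post refers to, as an added example that is not part of the original message and not code from Infopop, DBI or perl itself: the perlsec(1) is_tainted() idiom, laundering a value through a regex capture (s/// does not untaint, only a capture does), and a tied output handle that refuses to write anything still tainted, which is the poor man's version of the I/O-discipline guard the post hopes for. The names TaintGuardHandle, untaint_name, html_escape and the constructed "CGI input" are assumptions made for the example; the file must be started with perl -T, since taint mode cannot be switched on later.

```perl
#!/usr/bin/perl -T
# Run as:  perl -T taintguard.pl    (taint mode must be on from the start)
use strict;
use warnings;

# --- 1. Checking taintedness from user code (the perlsec(1) idiom) ---------
# Any expression built from tainted data is tainted, and a string-eval of
# tainted data dies under -T, so eval'ing a zero-length slice of the value
# reveals whether it is tainted. (Perl 5.8+ also ships
# Scalar::Util::tainted(), which answers the same question natively.)
sub is_tainted {
    my $arg  = shift;
    my $nada = substr($arg, 0, 0);   # zero-length, but still tainted
    local $@;                        # preserve the caller's $@
    eval { eval "# $nada" };
    return length($@) != 0;
}

# --- 2. Untainting: only a regex capture launders data --------------------
# Whitelist what may reach open(), system() or SQL, and die on the rest.
# (DBI's connect attribute Taint => 1 applies the same refusal to SQL and
# bind values passed through the driver.)
sub untaint_name {
    my $dirty = shift;
    my ($clean) = $dirty =~ /^([A-Za-z0-9_.-]{1,64})$/
        or die "refusing unsafe value '$dirty'\n";
    return $clean;                   # captured, therefore untainted
}

# HTML-escape character by character through captures, so the result is
# both safe for a page body and untainted.
my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#39;');
sub html_escape {
    my $s = shift;
    return join '', map { exists $ent{$_} ? $ent{$_} : $_ } ($s =~ /(.)/gs);
}

# --- 3. A taint-checking output handle via tie ----------------------------
# Every chunk is checked before it is written, so raw CGI input can never
# reach the page unless it has first been laundered (e.g. by html_escape).
package TaintGuardHandle;
sub TIEHANDLE { my ($class, $fh) = @_; return bless { fh => $fh }, $class }
sub PRINT {
    my $self = shift;
    for my $chunk (@_) {
        die "TaintGuardHandle: refusing to write tainted data\n"
            if main::is_tainted($chunk);
    }
    return print { $self->{fh} } @_;
}
sub PRINTF { my $self = shift; my $fmt = shift; return $self->PRINT(sprintf $fmt, @_) }
package main;

# Constructed stand-in for CGI input: under -T every %ENV value is tainted,
# and concatenating a zero-length slice of one taints the literal exactly
# as a real query-string parameter would be.
my $taint = substr(join('', %ENV), 0, 0);
my $raw   = '<script>alert(1)</script>' . $taint;
my $user  = 'alice' . $taint;

print STDOUT 'raw input is ', (is_tainted($raw) ? 'tainted' : 'clean'), "\n";

my $safe_user = untaint_name($user);               # 'alice', untainted
print STDOUT "safe user is '$safe_user' (",
             (is_tainted($safe_user) ? 'tainted' : 'clean'), ")\n";
eval { untaint_name($raw) };                       # dies: fails the whitelist
print STDOUT "untaint_name refused: $@" if $@;

# In-memory handle stands in for the CGI's STDOUT.
open(my $out, '>', \my $page) or die "open: $!";
tie *GUARDED, 'TaintGuardHandle', $out;
print GUARDED "<p>Hello, ", html_escape($raw), "</p>\n";   # escaped: written
eval { print GUARDED "<p>$raw</p>\n" };                   # still tainted: refused
print STDOUT "guarded handle refused: $@" if $@;
untie *GUARDED;
close $out;
print STDOUT "page body:\n$page";
```

Two things worth noting when adapting this to a real CGI: tie STDOUT itself (after duplicating the original handle with open($real, '>&', \*STDOUT)) rather than an in-memory buffer, and remember that an escaping routine written with s/// would pass the content check but not the taint check, because substitution leaves the string tainted; building the escaped string from captures is what makes the guard and the escaper agree.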
