[4915] in bugtraq
Re: Vulnerability in Glimpse HTTP
daemon@ATHENA.MIT.EDU (James Crawford Ralston)
Tue Jul 15 04:44:37 1997
Date: Mon, 14 Jul 1997 16:16:16 -0400
Reply-To: James Crawford Ralston <qralston+@PITT.EDU>
From: James Crawford Ralston <qralston+@PITT.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19970710235335.28150.qmail@buffalo.pharos.com.au>
Excerpts from bugtraq: 10-Jul-97 Re: Vulnerability in Glimps.. Martin
Pool@PHAROS.COM.A (1533)

>> This is true, however in the context of this particular bug (Glimpse)
>> this isn't the case. The reason for this being that open() in perl does
>> not honour these escape characters.
> I think perl just passes the string to the shell program (set at compile
> time?) which is usually /bin/sh. So, most shells will interpret a
> linefeed or semicolon as a command separator, and some may take ^ as a
> pipe.

No; perl will only invoke the shell if the expression "contains shell
metacharacters". The logic perl uses to determine if an expression
"contains shell metacharacters" is in the do_exec() function (contained
in doio.c), in the perl source.
--
James Crawford Ralston \ qralston+@pitt.edu \ Systems and Networks [CIS]
University of Pittsburgh \ 600 Epsilon Drive \ Pittsburgh PA 15238-2887
"Computer, you and I need to have a little talk." - O'Brien, ST:DS9
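
Added illustration, not part of the original post and not perl's own code: a simplified C model of the kind of check the message refers to, showing when a one-string command would be handed to "sh -c" rather than exec'd directly. The function name needs_shell is hypothetical, and the metacharacter set and special cases are assumptions based on the behaviour of current perl, which may differ from the 1997 doio.c.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed metacharacter set (from current perl; the 1997 doio.c may differ). */
static const char META[] = "$&*(){}[]'\";\\|?<>~`\n";

/* Hypothetical helper: 1 if a one-string command would go to "sh -c",
 * 0 if it would be split on whitespace and exec'd directly.
 * Not modelled: current perl's special case for a trailing "2>&1". */
int needs_shell(const char *cmd)
{
    const char *s;

    while (isspace((unsigned char)*cmd))
        cmd++;

    /* Shell builtins ". file" and "exec cmd" always need the shell. */
    if (cmd[0] == '.' && isspace((unsigned char)cmd[1]))
        return 1;
    if (strncmp(cmd, "exec", 4) == 0 && isspace((unsigned char)cmd[4]))
        return 1;

    /* A leading VAR=value assignment needs the shell too. */
    for (s = cmd; isalnum((unsigned char)*s) || *s == '_'; s++)
        ;
    if (*s == '=')
        return 1;

    for (s = cmd; *s; s++) {
        if (*s == '\n' && s[1] == '\0')
            break;              /* a single trailing newline is dropped */
        if (strchr(META, *s))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample commands, not taken from the thread. */
    const char *samples[] = { "grep foo file", "grep foo file; date",
                              "grep foo\nfile", "grep ^foo file" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%d  %s\n", needs_shell(samples[i]), samples[i]);
    return 0;
}
```

A result of 0 does not make a string safe to build from untrusted input: it is still split on whitespace into separate arguments. The list forms of system, exec and open never consult the shell and remain the robust choice.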