taint problem

taint problem

am 01.02.2005 12:48:19 von Obantec Support

Hi

I am running perl 5.8.0 on RH7.2 and have a weird (from my view) issue.
I need to open a file for output using a param as below (very cut down
version of script).

#!/usr/bin/perl -wT

use strict;
use CGI;

my $keycode = $cgi->param('keycode')

open(FINAL, ">$keycode") || die "Could not open $keycode $!\n";

the open line reports Insecure dependency in open while running with -T
switch at ....

I need to run with -T as this is an API supplied as a basic program to which
i must add my own code.

any help appreciated.

Mark

Re: taint problem

am 01.02.2005 14:33:44 von Joe Smith

Obantec Support wrote:

> my $keycode = $cgi->param('keycode')
> open(FINAL, ">$keycode") || die "Could not open $keycode $!\n";

My god, please don't tell me that's your actual code.
You're allowing malicious users to clobber any writable file
on your system. The value in $keycode is tainted, you _MUST_
untaint the string before using it.

> the open line reports Insecure dependency in open while running with -T
> switch at ....

That's right, perl is not allowing you to do an incredibly stupid thing.
Go read the docs on how to untaint user input.
-Joe

Re: taint problem

am 01.02.2005 17:48:41 von Obantec Support

"Joe Smith" wrote in message
news:Lqmdnf5iE7OmGGLcRVn-gw@comcast.com...
> Obantec Support wrote:
>
> > my $keycode = $cgi->param('keycode')
> > open(FINAL, ">$keycode") || die "Could not open $keycode $!\n";
>
> My god, please don't tell me that's your actual code.
> You're allowing malicious users to clobber any writable file
> on your system. The value in $keycode is tainted, you _MUST_
> untaint the string before using it.
>
> > the open line reports Insecure dependency in open while running with -T
> > switch at ....
>
> That's right, perl is not allowing you to do an incredibly stupid thing.
> Go read the docs on how to untaint user input.
> -Joe

Hi Joe

I got the first part right -T

the code was just a quick out of my head scribble. don't have full script at
this location.
anyway i found

$keycode =~/([\w-. ]+)/;#untaint a tainted user input
my $code = $1;

and use $code as untainted for the script.

better?

Mark