Bugtraq mailing list archives
Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: merlyn () STONEHENGE COM (Randal L. Schwartz)
Date: Thu, 17 Feb 2000 07:41:48 -0800
"Bill" == Bill McKinnon <mckinnon () ISIS2000 COM> writes:
Perl's open will dup other file descriptors if < is followed by &. This isn't as potentially problematic as forking commands, but there may be circumstances where someone could dup a filehandle and cause your script to behave strangely/output sensitive information/etc.
There are two secure opening mechanisms (3 in perl 5.6 forthcoming). sysopen() emulates the open(2) interface (without the normal magic), and the following code handles arbitrary filenames to open:

    $name = "./$name" unless $name =~ m{^/};
    open FILE, "< $name" or die "...";

I believe this has been documented for quite some time. We can't help people who don't read the docs.

Bill> Interesting. And for the curious, this doesn't seem to be noticed by
Bill> Perl's tainting mechanism, unless I'm misunderstanding something:
Bill> $ perl -T - '&PW'
Bill> open(PW, "/etc/passwd") or die "open(): $!\n";

Taint mode never complains about the data being passed to a filename open for *input*. The data being read is tainted, however.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
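The opening mechanisms named in the reply above, side by side, as an added example that is not code from the original post. It assumes the third mechanism is the three-argument open that arrived in Perl 5.6; the helper names and sample file names are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the original post. Helper names and the
# sample file names are constructed for illustration.
use strict;
use warnings;
use Fcntl qw(O_RDONLY O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# 1. sysopen(): the name goes to open(2) unparsed; the mode is a flag.
sub open_sysopen {
    my ($name) = @_;
    sysopen(my $fh, $name, O_RDONLY) or die "sysopen($name): $!";
    return $fh;
}

# 2. The idiom from the post: anchor relative names with "./" and supply
# the "<" yourself, so no leading character is read as a mode or "&".
# Two-argument open still trims trailing whitespace from the name.
sub open_anchored {
    my ($name) = @_;
    $name = "./$name" unless $name =~ m{^/};
    open(my $fh, "< $name") or die "open($name): $!";
    return $fh;
}

# 3. Three-argument open (Perl 5.6 and later): mode and name are separate.
sub open_three_arg {
    my ($name) = @_;
    open(my $fh, '<', $name) or die "open($name): $!";
    return $fh;
}

# Create files whose names two-argument open would treat as a dup, a
# write mode and a pipe, then check that each opener reads the plain file.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!";
for my $name ('&STDIN', '>out', 'report|') {
    sysopen(my $w, $name, O_WRONLY | O_CREAT | O_EXCL) or die "create: $!";
    print {$w} "contents of [$name]\n";
    close $w or die "close: $!";
    for my $opener (\&open_sysopen, \&open_anchored, \&open_three_arg) {
        my $fh   = $opener->($name);
        my $line = <$fh>;
        die "wrong data for [$name]\n" unless $line eq "contents of [$name]\n";
        close $fh;
    }
    print "[$name] opened as a plain file by all three mechanisms\n";
}
chdir '/' or die "chdir: $!";    # leave the directory so cleanup can remove it
```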