Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: perl-cgi hole in UltimateBB by Infopop Corp.

From: bsides () TOWERY COM (Brock Sides)
Date: Fri, 18 Feb 2000 09:45:48 -0600

On Thu, 17 Feb 2000, I wrote:


Perl's tainting mechanism only comes into play if you are invoking a
external command in some way: via system, exec, backticks, or opening a
filehandle to or from a pipe. For example,


I need to correct myself here, before Randall does it for me. :)

Perl's tainting mechanism will also come into play when opening a
filehandle for writing:

[bsides@koala /tmp]$ cat splort.pl
#!/usr/bin/perl -T
$ENV{PATH}=''; # we need a safe path
$ENV{BASH_ENV}=''; # and a safe bash env
open(PW, ">$ARGV[0]") or die $!;
print PW "splort\nsplort\nsplort\n";
__END__
[bsides@koala /tmp]$ ./splort.pl splort
Insecure dependency in open while running with -T switch at ./splort.pl
line 4.

--
Brock Sides
Unix Systems Administration
Towery Publishing
bsides () towery com
Previous By Date Next
Previous By Thread Next

Current thread: