Bugtraq mailing list archives
Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: bsides () TOWERY COM (Brock Sides)
Date: Fri, 18 Feb 2000 09:45:48 -0600
On Thu, 17 Feb 2000, I wrote:
Perl's tainting mechanism only comes into play if you are invoking a external command in some way: via system, exec, backticks, or opening a filehandle to or from a pipe. For example,
I need to correct myself here, before Randall does it for me. :) Perl's tainting mechanism will also come into play when opening a filehandle for writing: [bsides@koala /tmp]$ cat splort.pl #!/usr/bin/perl -T $ENV{PATH}=''; # we need a safe path $ENV{BASH_ENV}=''; # and a safe bash env open(PW, ">$ARGV[0]") or die $!; print PW "splort\nsplort\nsplort\n"; __END__ [bsides@koala /tmp]$ ./splort.pl splort Insecure dependency in open while running with -T switch at ./splort.pl line 4. -- Brock Sides Unix Systems Administration Towery Publishing bsides () towery com
Current thread:
- Re: perl-cgi hole in UltimateBB by Infopop Corp., (continued)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill (Feb 14)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Andrew Danforth (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill McKinnon (Feb 16)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 17)
- AUTORUN.INF Vulnerability Eric Stevens (Feb 17)
- Re: AUTORUN.INF Vulnerability Jesper M. Johansson (Feb 18)
- UPDATED: NetBSD Security Advisory 2000-001 Daniel Carosone (Feb 18)
- Re: AUTORUN.INF Vulnerability Nick FitzGerald (Feb 19)
- Re: AUTORUN.INF Vulnerability Valentin Pletzer (Feb 20)
- MMDF Ran Atkinson (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bennett Todd (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Andrew Danforth (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Dennis Taylor (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill (Feb 14)
- AIX SNMP Defaults harikiri (Feb 15)
- Re: AIX SNMP Defaults Michal Zalewski (Feb 17)
- Re: AIX SNMP Defaults Troy Bollinger (Feb 21)
- riched32.dll buffer overflow Pauli Ojanpera (Feb 21)
- Re: AIX SNMP Defaults Troy Bollinger (Feb 17)
- Security Bulletins Digest Aleph One (Feb 17)