Bugtraq mailing list archives
Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: dennis () FUNKPLANET COM (Dennis Taylor)
Date: Fri, 18 Feb 2000 13:40:09 -0800
On Thu, Feb 17, 2000 at 10:33:07AM -0600, Brock Sides wrote:
> Perl's tainting mechanism only comes into play if you are invoking an external command in some way: via system, exec, backticks, or opening a filehandle to or from a pipe. For example,
Not quite true. Tainting will block any of the following operations, as near as I can tell from a cursory perusal of the source:

- require()ing or use()ing a Perl library
- unlinking a file
- using the "glob" operator for expanding shell wildcards
- opening a file for writing
- in-place editing with the -i option
- changing the "user" component of your umask
- truncating a file via the truncate() function
- calling the ioctl() or fcntl() functions
- creating, binding, or connecting a new socket or socketpair
- changing directories
- calling chroot()
- renaming/moving a file
- linking a file (either link() or symlink())
- creating a new directory
- removing a directory
- executing an external command with a pipe (backticks, open"|", etc.)
- executing an external command with a fork and exec (system())
- executing an external command with exec()
- setpgrp() and setpriority()
- manually making a syscall with syscall()

...and probably a few others I've overlooked. Using -T in your CGI script may not automagically make your program "secure", but it's definitely a big step in the right direction.

_________________________________________________________________________
Dennis Taylor
dennis () funkplanet com
"Anyone whose days are all the same and free from want inhabits eternity of a sort." - Peter Hoeg
_________________________________________________________________________
PGP Fingerprint: E8D6 9670 4FBD EEC3 6C6B 810B 2B30 E529 51BD 7B90
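
The following is an added example, not part of the original message: a small Perl script that tries several of the non-exec operations listed above on a tainted file name, then untaints the name by validating it against a pattern. The file name, the allow-list pattern and the way the value is tainted are assumptions made for the demonstration. Under -T each attempt dies with Perl's "Insecure dependency" error before the operation takes place.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl   (the script name is arbitrary)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for a CGI parameter. A zero-length substring of the
# environment is still tainted, so appending it taints $name the same way
# real form input would be.
my $taint = substr(join('', values %ENV), 0, 0);
my $name  = 'taint-demo-' . $$ . '.tmp' . $taint;
die "need taint mode (-T) and a non-empty environment\n" unless tainted($name);

# A few operations from the list above. None of them runs an external command.
my @ops = (
    [ 'open for writing' => sub { open(my $fh, '>', $name) or die "open: $!\n" } ],
    [ 'unlink'           => sub { unlink $name } ],
    [ 'mkdir'            => sub { mkdir $name } ],
    [ 'rmdir'            => sub { rmdir $name } ],
    [ 'chdir'            => sub { chdir $name } ],
    [ 'rename'           => sub { rename $name, "$name.bak" } ],
);

for my $op (@ops) {
    my ($label, $code) = @$op;
    # The taint check dies before the operation runs, so nothing is created.
    my $result = eval { $code->(); 1 } ? 'allowed' : $@;
    $result =~ s/ at .* line \d+\.\s*\z//s;    # drop the file/line suffix
    printf "%-17s %s\n", $label, $result;
}

# Untainting: validate against a strict pattern (hypothetical policy for this
# demo) and use the captured substring, which Perl treats as clean.
my ($clean) = $name =~ /\A([A-Za-z0-9][A-Za-z0-9._-]*)\z/
    or die "rejected file name\n";
printf "%-17s %s\n", 'after validation',
    tainted($clean) ? 'still tainted' : 'untainted';
```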