mailing list archives
Re: Vulnerability in Glimpse HTTP (fwd)
From: bri () MOJO CALYX NET (Brian S. Julin)
Date: Tue, 5 Aug 1997 09:09:09 -0400
All these fixes scanning the pattern are all wonderful,
but it would be much easier just to do a file test on
the requested file name before trying to open it.
open (FH,"$dir/archive.cfg") if test -d "$dir" and test -f "$dir/archive.cfg";
Also note that the only meta-characters you need to scan for
are the arguments which open() accepts, namely "|" and the variants of ">",
since you don't care (in fact want) read access to the file.
Other meta-characters will be assumed to be inside the filename.
The only time it gets fully parsed by the shell is when you
use the pipe.
Finally, all calls to open should specify the file opening mode
by preceding the filename with "<" or something like that. When
so preceeded, I don't think the piping attack would work, since
the result would be open (FH,"<|command") which doesn't
open a pipe.
Also consider using the command sysopen().
I had never seen this error since I had long since rewritten
most of GlimpseHTTP for my own purposes and I probably removed that
part because it looked tacky. In fact now that I think of it I do
remember replacing lots of regular expressions in the original
version with limited sets of permissible characters.
Brian S. Julin
- Re: Vulnerability in Glimpse HTTP (fwd) Brian S. Julin (Aug 05)