Home page logo

bugtraq logo Bugtraq mailing list archives

Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: bsides () TOWERY COM (Brock Sides)
Date: Fri, 18 Feb 2000 09:45:48 -0600

On Thu, 17 Feb 2000, I wrote:

Perl's tainting mechanism only comes into play if you are invoking a
external command in some way: via system, exec, backticks, or opening a
filehandle to or from a pipe. For example,

I need to correct myself here, before Randall does it for me. :)

Perl's tainting mechanism will also come into play when opening a
filehandle for writing:

[bsides () koala /tmp]$ cat splort.pl
#!/usr/bin/perl -T
$ENV{PATH}=''; # we need a safe path
$ENV{BASH_ENV}=''; # and a safe bash env
open(PW, ">$ARGV[0]") or die $!;
print PW "splort\nsplort\nsplort\n";
[bsides () koala /tmp]$ ./splort.pl splort
Insecure dependency in open while running with -T switch at ./splort.pl
line 4.

Brock Sides
Unix Systems Administration
Towery Publishing
bsides () towery com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]