Home page logo

bugtraq logo Bugtraq mailing list archives

Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: dennis () FUNKPLANET COM (Dennis Taylor)
Date: Fri, 18 Feb 2000 13:40:09 -0800

On Thu, Feb 17, 2000 at 10:33:07AM -0600, Brock Sides wrote:

Perl's tainting mechanism only comes into play if you are invoking a
external command in some way: via system, exec, backticks, or
opening a filehandle to or from a pipe. For example,

        Not quite true. Tainting will block any of the following
operations, as near as I can tell from a cursory perusal of the

   - require()ing or use()ing a Perl library
   - unlinking a file
   - using the "glob" operator for expanding shell wildcards
   - opening a file for writing
   - in-place editing with the -i option
   - changing the "user" component of your umask
   - truncating a file via the truncate() function
   - calling the ioctl() or fcntl() functions
   - creating, binding, or connecting a new socket or socketpair
   - changing directories
   - calling chroot()
   - renaming/moving a file
   - linking a file (either link() or symlink())
   - creating a new directory
   - removing a directory
   - executing an external command with a pipe (backticks, open"|", etc.)
   - executing an external command with a fork and exec (system())
   - executing an external command with exec()
   - setpgrp() and setpriority()
   - manually making a syscall with syscall()

        ...and probably a few others I've overlooked. Using -T in your
CGI script may not automagically make your program "secure", but it's
definitely a big step in the right direction.

Dennis Taylor           "Anyone whose days are all the same and free from
dennis () funkplanet com    want inhabits eternity of a sort."  - Peter Hoeg
   PGP Fingerprint: E8D6 9670 4FBD EEC3 6C6B  810B 2B30 E529 51BD 7B90

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]