Bugtraq mailing list archives
Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: dennis () FUNKPLANET COM (Dennis Taylor)
Date: Fri, 18 Feb 2000 13:40:09 -0800
On Thu, Feb 17, 2000 at 10:33:07AM -0600, Brock Sides wrote:
Perl's tainting mechanism only comes into play if you are invoking a external command in some way: via system, exec, backticks, or opening a filehandle to or from a pipe. For example,
Not quite true. Tainting will block any of the following
operations, as near as I can tell from a cursory perusal of the
source:
- require()ing or use()ing a Perl library
- unlinking a file
- using the "glob" operator for expanding shell wildcards
- opening a file for writing
- in-place editing with the -i option
- changing the "user" component of your umask
- truncating a file via the truncate() function
- calling the ioctl() or fcntl() functions
- creating, binding, or connecting a new socket or socketpair
- changing directories
- calling chroot()
- renaming/moving a file
- linking a file (either link() or symlink())
- creating a new directory
- removing a directory
- executing an external command with a pipe (backticks, open"|", etc.)
- executing an external command with a fork and exec (system())
- executing an external command with exec()
- setpgrp() and setpriority()
- manually making a syscall with syscall()
...and probably a few others I've overlooked. Using -T in your
CGI script may not automagically make your program "secure", but it's
definitely a big step in the right direction.
_________________________________________________________________________
Dennis Taylor "Anyone whose days are all the same and free from
dennis () funkplanet com want inhabits eternity of a sort." - Peter Hoeg
_________________________________________________________________________
PGP Fingerprint: E8D6 9670 4FBD EEC3 6C6B 810B 2B30 E529 51BD 7B90
Current thread:
- Re: perl-cgi hole in UltimateBB by Infopop Corp., (continued)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill McKinnon (Feb 16)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 17)
- AUTORUN.INF Vulnerability Eric Stevens (Feb 17)
- Re: AUTORUN.INF Vulnerability Jesper M. Johansson (Feb 18)
- UPDATED: NetBSD Security Advisory 2000-001 Daniel Carosone (Feb 18)
- Re: AUTORUN.INF Vulnerability Nick FitzGerald (Feb 19)
- Re: AUTORUN.INF Vulnerability Valentin Pletzer (Feb 20)
- MMDF Ran Atkinson (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bennett Todd (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Dennis Taylor (Feb 18)
- AIX SNMP Defaults harikiri (Feb 15)
- Re: AIX SNMP Defaults Michal Zalewski (Feb 17)
- Re: AIX SNMP Defaults Troy Bollinger (Feb 21)
- riched32.dll buffer overflow Pauli Ojanpera (Feb 21)
- Re: AIX SNMP Defaults Troy Bollinger (Feb 17)
- Security Bulletins Digest Aleph One (Feb 17)
