> - -snip- > > # If the first argument is "@filename", read the real arguments > # from "filename", and shove them onto the ARGV for later processing > # by &Getopts() > # > if ($ARGV[0] =~ /^\@/) { > $fn = shift(@ARGV); > $fn =~ s/^@//; > open(AV, $fn) || die("open(AV, \"$fn\"): $!\nStopped"); > > - -snip- This security problem is as common as Perl scripts. Perl programmers should always specify for open what they want to do (read/write) and just not be lazy and skip that when they want to read. A simple fix like: open(AV, "< $fn") || die("open(AV, \"< $fn\"): $!\nStopped"); should fix this problem. As we specify that we are reading by using the < (less than) the script will simple choke and say that it can't open the filename starting with a | (pipe), instead of running the filename. There is no need, I believe, to use the sysopen function as someone else suggested earlier. I believe this security hole has been covered in some other advisory concerning all Perl (especially CGI) scripts. -- Henrik Edlund http://www.edlund.org/ "They were in the wrong place at the wrong time. Naturally they became heroes." Leia Organa of Alderaan, Senator
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:24:14 PDT