Re: perl-cgi hole in UltimateBB by Infopop Corp.

From: Randal L. Schwartz (merlynat_private)
Date: Thu Feb 17 2000 - 07:41:48 PST


>>>>> "Bill" == Bill McKinnon <mckinnonat_private> writes:

>> Perl's open will dup other file descriptors if < is followed by &.  This
>> isn't as potentially problematic as forking commands, but there may be
>> circumstances where someone could dup a filehandle and cause your script
>> to behave strangely/output sensitive information/etc.

There are two secure opening mechanisms (3 in perl 5.6 forthcoming).
sysopen() emulates the open(2) interface (without the normal magic),
and the following code handles arbitrary filenames to open:

        $name = "./$name" unless $name =~ m{^/};
        open FILE, "< $name" or die "...";

I believe this has been documented for quite some time.  We can't
help people who don't read the docs.

Bill>    Interesting. And for the curious, this doesn't seem to be noticed by
Bill> Perl's tainting mechanism, unless I'm misunderstanding something:

Bill> $ perl -T - '&PW'
Bill> open(PW, "/etc/passwd") or die "open(): $!\n";

Taint mode never complains about the data being passed to a filename
open for *input*.  The data being read is tainted, however.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlynat_private> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
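As an added illustration (this is not code from Randal's post, from UltimateBB, or from Infopop), the Perl script below puts the three safe-open approaches the message names side by side: the "./" prefix plus two-argument open(), sysopen() with an explicit O_RDONLY mode, and the three-argument open() that arrived with perl 5.6. The helper names (open_for_read_2arg and friends), the scratch directory and the list of test names are this example's own constructions; the names are chosen to look like two-argument open() magic (a leading pipe, a "<&" dup, a bare "-") so the output shows that every opener treats them as literal, non-existent files.

```perl
#!/usr/bin/perl
# Added example, not part of the original message: three ways to open an
# untrusted filename for reading without two-argument open() magic.
use strict;
use warnings;
use Fcntl qw(O_RDONLY);
use File::Temp qw(tempdir);

# Approach 1 (the idiom from the post): force a relative name to start with
# "./" so the string handed to two-argument open() can never begin with
# '<', '>', '|', '&' or '-', and therefore is always read as a plain path.
sub open_for_read_2arg {
    my ($name) = @_;
    $name = "./$name" unless $name =~ m{^/};
    open my $fh, "< $name" or return;
    return $fh;
}

# Approach 2: sysopen() follows open(2) semantics and applies no magic at all.
sub open_for_read_sysopen {
    my ($name) = @_;
    sysopen my $fh, $name, O_RDONLY or return;
    return $fh;
}

# Approach 3 (perl 5.6 and later): three-argument open() keeps the mode
# separate from the name, so the name is never parsed for magic.
sub open_for_read_3arg {
    my ($name) = @_;
    open my $fh, '<', $name or return;
    return $fh;
}

# Constructed fixture: a throw-away directory containing one harmless file.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";
open my $out, '>', 'notes.txt' or die "create notes.txt: $!";
print $out "hello\n";
close $out or die "close: $!";

# Constructed names. Handed unmodified to a bare two-argument open(), the
# last three would mean "pipe from a command", "dup STDIN" and "STDIN".
my @names = ('notes.txt', '|id', '<&STDIN', '-');

my %opener = (
    '2arg+./' => \&open_for_read_2arg,
    'sysopen' => \&open_for_read_sysopen,
    '3arg'    => \&open_for_read_3arg,
);

for my $name (@names) {
    for my $label (sort keys %opener) {
        my $fh = $opener{$label}->($name);
        if ($fh) {
            my $first = <$fh>;
            close $fh;
            chomp $first;
            printf "%-8s %-10s opened, first line: %s\n", $label, $name, $first;
        }
        else {
            printf "%-8s %-10s refused: %s\n", $label, $name, $!;
        }
    }
}
```

Only notes.txt opens; the magic-looking names fail with "No such file or directory" under all three openers, which is the behaviour the post describes. Note that none of this changes what Randal says about taint mode: if the script were run with -T and $name came from CGI input, none of the three opens would raise a taint error, since taint checking does not cover filenames opened for input; the lines read back from the file would themselves be tainted.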