Re: perl-cgi hole in UltimateBB by Infopop Corp.

From: Brock Sides (bsidesat_private)
Date: Fri Feb 18 2000 - 07:45:48 PST

    On Thu, 17 Feb 2000, I wrote:
    
    > Perl's tainting mechanism only comes into play if you are invoking an
    > external command in some way: via system, exec, backticks, or opening a
    > filehandle to or from a pipe. For example,
    
    I need to correct myself here, before Randall does it for me. :)
    
    Perl's tainting mechanism will also come into play when opening a
    filehandle for writing:
    
    [bsides@koala /tmp]$ cat splort.pl
    #!/usr/bin/perl -T
    $ENV{PATH}=''; # we need a safe path
    $ENV{BASH_ENV}=''; # and a safe bash env
    open(PW, ">$ARGV[0]") or die $!;
    print PW "splort\nsplort\nsplort\n";
    __END__
    [bsides@koala /tmp]$ ./splort.pl splort
    Insecure dependency in open while running with -T switch at ./splort.pl line 4.
    
    --
    Brock Sides
    Unix Systems Administration
    Towery Publishing
    bsidesat_private
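
The failing open in the message above, next to the same write after the file name has been untainted, as an added example that is not part of the original post. The file-name policy, the helper names `untaint_filename` and `try_write`, and the sample names are assumptions made for illustration; the script creates and removes `splort.out` in the current directory, so run it from a scratch directory.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

$ENV{PATH} = '';                          # same precautions as in the post
delete @ENV{qw(BASH_ENV ENV IFS CDPATH)};

# Assumed policy (not from the post): a bare file name of 1-64 characters
# from [A-Za-z0-9_.-], no leading dot or dash, no directory part.
# Taking the value from a regex capture is what clears the taint flag.
sub untaint_filename {
    my ($name) = @_;
    if (defined $name && $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/) {
        my $clean = $1;
        return $clean;
    }
    return undef;
}

# Try to create ./$name for writing. Returns 'ok' or the error text.
# Three-argument open keeps the name from being parsed for mode characters.
sub try_write {
    my ($name) = @_;
    my $ok = eval {
        open(my $fh, '>', "./$name") or die "open failed: $!\n";
        print {$fh} "splort\nsplort\nsplort\n";
        close($fh) or die "close failed: $!\n";
        1;
    };
    return 'ok' if $ok;
    chomp(my $err = $@);
    return $err;
}

# Constructed sample names. Appending a zero-length slice of $^X, which is
# tainted under -T, taints each one so it behaves like $ARGV[0] in the post.
my $taint = substr($^X, 0, 0);
for my $raw (map { $_ . $taint } 'splort.out', '../splort', 'a|b', '.profile') {
    printf "%-11s tainted=%d\n", $raw, tainted($raw) ? 1 : 0;
    # The taint check fires inside open, before any file is created.
    printf "  raw open:  %s\n", try_write($raw);
    my $clean = untaint_filename($raw);
    if (!defined $clean) { print "  untainted: rejected by policy\n"; next; }
    printf "  untainted: '%s', open: %s\n", $clean, try_write($clean);
    unlink "./$clean";                    # remove the demo file
}
```

Because the shebang line carries `-T`, start it as `./script` or `perl -T script`.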
    


