>>>>> On Sat, 25 May 2002 11:20:32 -0400, "Lee E. Brotzman" <lebat_private> said:

LEB> [..snip..]
LEB> I write almost all my CGI in Perl and indeed the setuid Perl
LEB> scripts are run by suidperl. This gives me the "taint" feature
LEB> whereby I must untaint any user input -- a good feature, but
LEB> certainly no cure-all. You can always untaint anything by just
LEB> matching it to the regexp "/^.*$/". For a client, I developed an
LEB> Untaint library that has regexps for checking phone numbers, file
LEB> names (only allowing alphanumerics and decimals), file paths
LEB> (checking that all directories in the path exist and are
LEB> readable), 7-bit clean, and other special cases -- even the
LEB> "match anything" test (I call that method Untaint::StillNotSafe).
LEB> Note that if you use suEXEC to invoke a setuid Perl script, you
LEB> will lose the tainted-data feature. Another reason I don't like
LEB> suEXEC. I'd prefer the script bombs if I try to use untested
LEB> external data.

You don't have to use suidperl to get taint checks. Just add -T in the
shebang line. See 'perldoc perlrun' and 'perldoc perlsec'.

--
Ilya Martynov (http://martynov.org/)
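The following script is an added example, not code from either poster or from the Untaint library Lee describes. It shows the two points the exchange makes: `-T` in the shebang line (or on the command line) turns on taint checks without suidperl, and the "match anything" regexp clears the taint flag without validating anything. The helper names `untaint_filename`, `still_not_safe` and `try_use` are hypothetical, and `/bin/echo` is assumed to exist as the harmless external program the tainted value is handed to.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread). Run with -T on the command line as
# well, otherwise perl reports "Too late for -T option":
#   perl -T taint_demo.pl 'report.txt'
#   perl -T taint_demo.pl '../../etc/passwd'
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run external programs with an untrusted PATH,
# so set it explicitly and drop the other environment variables perlsec
# warns about.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Command-line arguments are tainted under -T, just as CGI parameters
# read from the environment or STDIN would be.
my $raw = defined $ARGV[0] ? $ARGV[0] : die "usage: $0 <filename>\n";

# Hypothetical helper modelled on the thread's Untaint library: a file
# name is alphanumerics, underscore and dots only, with no slashes and
# no leading dot. Anything else is rejected rather than untainted.
sub untaint_filename {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.]*)\z/ ? $1 : undef;
}

# The thread's "match anything" pattern: it clears the taint flag on
# every input and rejects nothing, so it performs no validation at all.
sub still_not_safe {
    my ($value) = @_;
    return $value =~ /^(.*)$/s ? $1 : undef;
}

# Hand a value to an external program. Under -T this dies with
# "Insecure dependency in system while running with -T switch" when the
# value is still tainted, which is the behaviour Lee wants ("the script
# bombs if I try to use untested external data").
sub try_use {
    my ($label, $value) = @_;
    if (!defined $value) {
        print "$label: rejected by untaint regex\n";
        return;
    }
    my $ok = eval { system('/bin/echo', "$label: using [$value]") == 0 };
    print "$label: taint check blocked use: $@" if !$ok && $@;
}

printf "input tainted? %s\n", tainted($raw) ? 'yes' : 'no';
try_use('raw',    $raw);                    # dies: still tainted
try_use('strict', untaint_filename($raw));  # runs only for a clean name
try_use('lax',    still_not_safe($raw));    # runs for any input at all
```

With `report.txt` all three uses except the raw one succeed; with `../../etc/passwd` the strict helper rejects the input, while the match-anything helper happily launders it through, which is why a regexp used for untainting has to encode what valid input looks like rather than just capture the whole string.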
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 13:11:42 PDT