bug-bash

Re: cd with multiple arguments?


From: Illia Bobyr
Subject: Re: cd with multiple arguments?
Date: Fri, 17 Dec 2010 12:10:47 -0600
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Mnenhy/0.8.3 Thunderbird/3.1.7

On 12/17/2010 7:37 AM, Greg Wooledge wrote:
> [...]
> The single biggest problem demonstrated by that page is the tendency
> of people to invoke a shell from some other language to do something
> for them.  The example they use (from perl) is:
>
>    open ("/bin/ls /data/cardfiles | grep $searchspec |");
>
> Even if we fix all the shell mistakes (and this line trips three major red
> flags for me just at the shell level!), there's still a fundamental flaw --
> it's passing user input data to a command interpreter, namely /bin/sh
> (which is hidden by the perl syntax, but which is invoked implicitly).
>
> [...]

There is a "Taint Mode" in Perl that helps catch this kind of error: 
http://gunther.web66.com/FAQS/taintmode.html

In a few words: in this mode, everything that comes from "the outside", 
like user input or an environment variable value, is marked as 
"tainted".  The interpreter will give you an error if
you try to pass this data into anything like open(), system() or 
other security-sensitive things.

It is still possible to make an error that will cause user input to go 
into sensitive system calls, but it requires more effort, so it is 
unlikely to happen by accident.

This mode is designed to help with writing CGI scripts.

Ilya Bobyr
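An added example (written for this page, not from the thread or the linked FAQ) showing what taint mode does to the quoted open("/bin/ls /data/cardfiles | grep $searchspec |") construction, how a value is untainted, and how the same listing is obtained without a shell. It assumes Perl 5.8 or later and is run as perl -T script.pl SEARCHSPEC; /data/cardfiles is taken from the quoted message and need not exist for the taint check to fire.

```perl
#!/usr/bin/perl -T
# Taint mode demo (example code, not from the thread). Run with: perl -T this.pl ARG
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, $ENV{PATH} is itself tainted: system()/exec()/piped open die with
# "Insecure $ENV{PATH}" until it is replaced by a fixed, trusted value.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $datadir = '/data/cardfiles';            # directory from the quoted example
my $searchspec = @ARGV ? $ARGV[0] : die "usage: perl -T $0 SEARCHSPEC\n";

# Anything read from @ARGV, %ENV or STDIN carries the taint bit.
printf "searchspec tainted: %s\n", tainted($searchspec) ? 'yes' : 'no';

# The original construction: the string form of open hands the whole pipeline
# to /bin/sh, so taint mode refuses it with "Insecure dependency in piped open".
my $ok = eval {
    open(my $fh, "/bin/ls $datadir | grep $searchspec |") or die "open: $!";
    close $fh;
    1;
};
print "piped open refused: $@" unless $ok;

# Untainting: only a regex capture clears the taint bit, so the pattern is the
# allowlist. Here: letters, digits, dot, underscore and dash; anything else dies.
my ($clean) = $searchspec =~ /\A([\w.-]+)\z/
    or die "searchspec contains characters outside the allowlist\n";
printf "clean value tainted: %s\n", tainted($clean) ? 'yes' : 'no';   # no

# Even untainted data should not pass through a shell: the list form of open
# execs /bin/ls directly (no /bin/sh, no quoting problem), and the filtering
# that the pipeline did with grep(1) is done in Perl instead.
open(my $ls, '-|', '/bin/ls', $datadir) or die "ls: $!";
my @matches = grep { /\Q$clean\E/ } <$ls>;
close $ls;
print @matches;
```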


