[tpm] Taint question

Shaun Fryer sfryer at sourcery.ca
Thu Aug 30 10:28:55 PDT 2007


The culprit is 'use locale' (try commenting it out). Maybe someone else
can explain why, but I'm guessing from the man page that it messes with
how perl compiles regexes. Sadly, if you replace your regex with /(.*)/,
it becomes untainted, even with 'use locale'.
--
    Shaun Fryer

On Thu, Aug 30, 2007 at 10:14:19AM -0400, Madison Kelly wrote:
> Hi all,
> 
>    I've got a script (installer for my app) that I am working on. I am 
> trying to do it "the right way", but I have run into a wall with a taint 
> problem. Specifically, I am unable to launder a variable in the way that 
> is described in 'perldoc perlsec'.
> 
>    Specifically (code somewhat simplified for clarity and brevity):
> 
> -=-=-=-
> #!/usr/bin/perl -T
> $ENV{PATH} = '/bin:/usr/bin';
> delete @ENV{qw{IFS CDPATH ENV BASH_ENV}};
> 
> # MADI: This allows me to develop my modules in the same directory. Move this
> # out later.
> BEGIN { push @INC, "./"; }
> 
> use strict;
> use warnings;
> use POSIX;
> use locale;
> use IO::Handle;
> use Scalar::Util qw(tainted);
> 
> # A bunch of unrelated code...
> 
> # Record the current directory.
> my $shell_call="pwd";
> my $pwd=IO::Handle->new();
> open ($pwd, "$shell_call 2>&1 |") || die "Error calling: $shell_call, error: $!\n";
> my $initial_dir=<$pwd>;
> chomp($initial_dir);
> $pwd->close();
> # This is tainted, need to launder.
> if ( $initial_dir =~ /^([-\w\/.]+)$/ )
> {
> 	$initial_dir=$1;
> }
> else
> {
> 	die "path: [$initial_dir] looks insecure.\n";
> }
> my $tainted=tainted($initial_dir);
> print __LINE__."; 'tainted': [$tainted]?\n";
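The behaviour discussed in this thread, as an added example that is not part of either post: perllocale documents that under 'use locale' a capture from a pattern containing a locale-dependent construct such as \w stays tainted, and the same pattern compiled under 'no locale' launders as perlsec describes. The sub names and the sample paths are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example: run as `perl -T launder.pl` (the file name is arbitrary).
use strict;
use warnings;
use locale;                       # same pragma as the quoted installer
use Scalar::Util qw(tainted);

# Constructed input: $0 and $^X are tainted under -T, so a zero-length
# substring of them taints the sample path without needing a shell call.
my $taint = substr("$0$^X", 0, 0);
my $dirty = '/opt/example/installer' . $taint;
my $evil  = '/opt/example; rm -rf x' . $taint;

# Same pattern as the quoted script, compiled while 'use locale' is active.
# The match succeeds, but $1 is still tainted because of \w.
sub launder_with_locale {
    my ($path) = @_;
    return $path =~ m{^([-\w/.]+)$} ? $1 : undef;
}

# Same pattern, compiled in a scope where the pragma is switched off.
# 'no locale' is lexical, so it only affects this sub.
sub launder_without_locale {
    my ($path) = @_;
    no locale;
    return $path =~ m{^([-\w/.]+)$} ? $1 : undef;
}

sub report {
    my ($label, $value) = @_;
    my $state = !defined $value ? 'rejected'
              : tainted($value) ? 'tainted'
              :                   'clean';
    printf "%-34s %s\n", $label, $state;
    return $state;
}

report('raw input',                     $dirty);
report('laundered under use locale',    launder_with_locale($dirty));
report('laundered under no locale',     launder_without_locale($dirty));
report('shell metacharacters in input', launder_without_locale($evil));
```

Scoping 'no locale' to the laundering sub keeps the strict whitelist pattern, so nothing has to be loosened to /(.*)/ to get an untainted value.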

