[tpm] securing a CGI program from malicious user data
fulko.hew at gmail.com
Wed Feb 18 11:39:43 PST 2009
I'm providing a mechanism so that a system can be configured
to 'run' executables on remote machines based on configuration
information submitted in a CGI text field.
Obviously I don't want to allow the user to trash the system.
I'm going to:
1/ restrict the system to allow it to only execute 'trusted' apps
located in a 'known' directory. (can I make a chroot jail in Perl/CGI?)
2/ strip characters from the invocation string that could be used to hurt:
   semicolon - because another malicious command could follow
   backtick  - because that could run another program
   ( )       - because that could invoke a sub-shell to run ...
   |         - because that could invoke ...
   &         - because other stuff might follow
   >         - because that could clobber an important file
   any \0xxx string that represents any of the above 'nasty' characters.
Tainting only talks about the concept, not what to de-taint.
- Are there any other things I should check for/prevent?
- Is there any standard/common resource on the web that you
know of that talks about this (that I haven't found yet)?
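As an added example (not the poster's code, and not part of the original thread), here is one way the de-tainting step can be written in Perl under taint mode. Instead of stripping a list of known-bad characters, it accepts only an allowlisted pattern for the command name, requires the resolved file to exist in the trusted directory, and runs it with list-form system() so no shell ever parses the string. The directory /opt/trusted-bin, the argument character set, and the sample inputs are assumptions for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post: de-taint a CGI-supplied
# command name with an allowlist, then run it without going through a shell.
use strict;
use warnings;

# Assumed location of the 'known' directory of trusted executables.
my $TRUSTED_DIR = '/opt/trusted-bin';

# Under -T, Perl refuses to exec while PATH/IFS/etc. could be attacker-influenced.
delete @ENV{qw(PATH IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/usr/bin:/bin';

# Return the untainted full path of the command if acceptable, undef otherwise.
sub detaint_command {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Allowlist: a bare file name of word characters, dots or dashes, at most
    # 64 chars, not starting with a dot, and with no slashes (no traversal).
    return undef unless $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    my $name = $1;                       # a regex capture is untainted
    my $path = "$TRUSTED_DIR/$name";
    # Must be an existing, executable, regular file inside the trusted dir.
    return undef unless -f $path && -x _;
    return $path;
}

# Arguments get the same allowlist treatment (character set is an assumption);
# ';', '`', '(', ')', '|', '&', '>', NUL and octal escapes simply never match.
sub detaint_arg {
    my ($raw) = @_;
    return undef unless defined $raw && $raw =~ /\A([A-Za-z0-9_.,:=@-]{1,255})\z/;
    return $1;
}

# Run the trusted program; returns (exit_status, undef) or (undef, reason).
sub run_trusted {
    my ($cmd_raw, @args_raw) = @_;
    my $path = detaint_command($cmd_raw)
        or return (undef, 'command rejected');
    my @args;
    for my $a (@args_raw) {
        my $clean = detaint_arg($a);
        return (undef, 'argument rejected') unless defined $clean;
        push @args, $clean;
    }
    # List-form system(): the program is exec'd directly, never via /bin/sh,
    # so shell metacharacters in the data carry no special meaning at all.
    my $rc = system($path, @args);
    return ($rc == -1 ? undef : $rc >> 8, $rc == -1 ? "exec failed: $!" : undef);
}

# Demonstration with constructed inputs (in CGI these would come from param()).
if (!caller) {
    for my $input ('report', 'report; rm -rf /', '../../bin/sh', "report\0x") {
        my ($rc, $err) = run_trusted($input, 'daily');
        printf "%-22s => %s\n", $input, defined $err ? $err : "exit $rc";
    }
}
```

The point of the allowlist is that the list of nasty characters never has to be complete: anything not explicitly permitted is rejected, which also covers the \0xxx escape forms without enumerating them. On the chroot question, Perl does have a chroot builtin, but it requires root privileges and is not shown here; confining the command name to a known directory as above is the part that can be done from an ordinary CGI process.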