[tpm] securing a CGI program from malicious user data
Fulko Hew
fulko.hew at gmail.com
Wed Feb 18 11:39:43 PST 2009
Problem:
I'm providing a mechanism so that a system can be configured
to 'run' executables on remote machines based on configuration
information submitted in a CGI text field.
Obviously I don't want to allow the user to trash the system.
I'm going to:
1/ restrict the system to allow it to only execute 'trusted' apps
located in a 'known' directory. (can I make a chroot jail in Perl/CGI?)
2/ strip characters from the invocation string that could be used to hurt me:
semicolon - because another malicious command could follow
backtick - because that could run another program
( ) - because that could invoke a sub-shell to run ...
| - because that could invoke ...
& - because other stuff might follow
> - because that could clobber an important file
any \0xxx string that represents any of the above 'nasty' characters.
Tainting only talks about the concept, not what to de-taint.
- Are there any other things I should check for/prevent?
- Is there any standard/common resource on the web that you
know of that talks about this (that I haven't found yet)?
TIA
Fulko
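As an added example (not code from the original post), here is how the two safeguards above, a 'known' directory of trusted apps and removing dangerous characters, can be turned into an allow-list check under Perl's taint mode, together with the step a practitioner would want on top: running the program without ever invoking a shell. The directory, the command names and the field format are assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post): validate a CGI-submitted command
# against an allow-list and run it without a shell, instead of stripping
# "nasty" characters. Run as: perl -T script.pl 'status --verbose'
use strict;
use warnings;

# Hypothetical: trusted executables live here; only these names may run.
my $TRUSTED_DIR = '/opt/trusted-bin';
my %ALLOWED = map { $_ => 1 } qw(status restart-service rotate-logs);

# Under -T, %ENV is tainted; set a known PATH so system() is permitted.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Returns (full path, @args) or dies. The regex capture is what untaints the
# data for -T; the allow-list and -x checks are what make it safe.
sub validate_request {
    my ($field) = @_;
    my ($cmd, @args) = split ' ', $field;
    defined $cmd or die "empty command\n";

    # Command name: letters, digits, dash, underscore only, and on the allow-list.
    my ($clean_cmd) = $cmd =~ /\A([A-Za-z0-9_-]{1,32})\z/
        or die "bad command name\n";
    $ALLOWED{$clean_cmd} or die "command not permitted: $clean_cmd\n";

    # Arguments: a conservative character class, bounded length and count.
    die "too many arguments\n" if @args > 8;
    my @clean_args;
    for my $arg (@args) {
        my ($clean) = $arg =~ /\A([A-Za-z0-9_.:-]{1,64})\z/
            or die "bad argument: $arg\n";
        push @clean_args, $clean;
    }

    my $path = "$TRUSTED_DIR/$clean_cmd";
    -x $path or die "no executable named $clean_cmd in $TRUSTED_DIR\n";
    return ($path, @clean_args);
}

# In the CGI this would be CGI->param('command'); here it comes from @ARGV.
my $field = shift(@ARGV) // 'status --verbose';
my ($path, @args) = eval { validate_request($field) };
die "rejected: $@" if $@;

# Indirect-object system() always execs directly, never via /bin/sh, so
# ; ` ( ) | & > in the input are just bytes that the regexes already rejected.
my $rc = system { $path } $path, @args;
print "exit status: ", $rc >> 8, "\n";
```

Because the shell is never involved, the character-stripping list in the post stops being the security boundary; the allow-list and the fixed directory are.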