Hi folks,

I've got an AIX 4.2 box running our company management system and I've got a 
problem.

When a user logs in (e.g. gary) the /etc/profile runs a small C program which 
is setuid live:livetp which in turn runs our COBOL based app.

In the app I call a perl script which takes a plain text file which was used 
to print via a dot-matrix printer onto multi-part paper, and extracts the 
data for later use.

However, when I try to run it I get the following problem logged.  The section 
of code that is the problem is shown below (the open clause is the thing 
that's failing).

Can anyone tell me how to fix this? I've tried untainting the $_[0] by storing 
it in a local variable and running a regex to remove dodgy characters and that 
doesn't seem to fix it.

C.parts.I.41290Insecure dependency in open while running setuid at 
/rwsys1/production/tp/RELEASE/rwlpr line 126.
CSP9DOCP: call failed: rwlpr LP430203 01 $RWDDATA/DOCUMENT/ICL02957.LP 1>&2

Code snippet.  ($_[0] in this instance contained ICL02957.LP) and the unless 
open line is line 126

sub dump_invoice {
  return unless (open FIN,">DATA/$_[0]");
  print FIN "$_\t$fields{$_}\n" foreach (sort keys %fields);
  print FIN "\n";
  print FIN "$_\n" foreach @dlines;
  close(FIN);
}

-- 
Gary Stainburn
 
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000     
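
Added example, not part of the original post: in Perl's taint mode (switched on automatically when a script runs setuid) a value is untainted only by taking a capture group from a successful pattern match, so deleting characters with s/// or tr/// leaves the copy tainted and open still refuses it. The sketch below validates the name against an allow-list pattern and opens the captured copy. Assumptions: Perl 5.8 or later, a file-name policy of letters, digits and underscores followed by ".LP", the helper name untaint_report_name, and a dump_invoice that takes its data as arguments.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return an untainted copy of the file name, or undef if it is not allowed.
# Only a capture group from a successful match clears the taint flag;
# deleting characters with s/// or tr/// leaves the result tainted.
sub untaint_report_name {
    my ($name) = @_;
    return undef unless defined $name;
    # Assumed policy: 1-32 letters, digits or underscores, then ".LP".
    # \A and \z anchor the whole string, so "../x.LP" and "x.LP\n" fail.
    return $name =~ /\A([A-Za-z0-9_]{1,32}\.LP)\z/ ? $1 : undef;
}

# Same output as the posted sub, with the data passed in explicitly.
sub dump_invoice {
    my ($raw_name, $fields, $dlines) = @_;
    my $name = untaint_report_name($raw_name);
    die "refusing unsafe file name\n" unless defined $name;
    # Three-argument open keeps the mode separate from the path.
    open(my $out, '>', "DATA/$name") or die "open DATA/$name: $!\n";
    print {$out} "$_\t$fields->{$_}\n" foreach sort keys %$fields;
    print {$out} "\n";
    print {$out} "$_\n" foreach @$dlines;
    close($out) or die "close DATA/$name: $!\n";
    return 1;
}

# Constructed demo. Run as: perl -T demo.pl ICL02957.LP
# (command-line arguments are tainted under -T, like data in a setuid run).
my $arg = @ARGV ? $ARGV[0] : 'ICL02957.LP';
(my $scrubbed = $arg) =~ s/[^A-Za-z0-9_.]//g;    # removal only
my $clean = untaint_report_name($arg);
print "scrubbed copy tainted: ", (tainted($scrubbed) ? "yes" : "no"), "\n";
print "captured copy tainted: ",
    (defined $clean && tainted($clean) ? "yes" : "no"), "\n";

mkdir 'DATA' unless -d 'DATA';                   # constructed output directory
my %fields = (INVOICE => '430203', CUSTOMER => 'EXAMPLE LTD');  # constructed
my @dlines = ('1 x WIDGET 9.99');                               # constructed
dump_invoice($arg, \%fields, \@dlines);
print "wrote DATA/$clean\n";
```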

