John M Vinopal wrote:
> On Sat, Jan 15, 2000 at 06:18:32PM -0600, Ken Williams wrote:
> > [EMAIL PROTECTED] (John M Vinopal) wrote:
> > >On Sat, Jan 15, 2000 at 06:23:57AM -0800, Bill Moseley wrote:
> > >> in httpd.conf:
> > >> PerlTaintCheck On
> > >>
> > >> my $page = CGI::param('goto');
> > >> unless ( open( FH, $page ) )
> > >>
> > >> Why didn't that open() trigger a taint error?
> > >
> > >Tainting only triggers on write, not on read.
> >
> > Yeah, but suppose $page contains 'rm -r /* |'. That could be bad news.
> > open() can do lots of stuff besides reading.
> >
> Then its not a read and the tainting rules apply.
>
> -j
If taint mode is on, adding a piped system command will fail.
If taint mode is off so that it can't catch this problem, if you do "<$page"
for the file to open for reading instead of $page by itself, adding a pipe to
$page will also no longer work. The < overrides the intention of any pipes in
the filename strings.