Re: [patch@35055] taint.t minor patch for VMS

2008-12-10 Thread Craig A. Berry


On Dec 9, 2008, at 10:30 PM, John E. Malmberg wrote:


Tainting DCL$PATH has no effect on Perl on VMS.


But DCL$PATH will be used by DCL after invoking system() or backticks  
in a manner very similar to how PATH is used on other systems.   
Tainting is specifically designed to handle just such interactions  
with the outside world.


That logical name is not currently used internal to Perl so it never  
gets checked to see if it is tainted.



Check again:

$ search *.c dcl$path

**
D0:[CRAIG.perl]mg.c;1

if (s && klen == 8 && strEQ(ptr, "DCL$PATH")) {
do {  /* DCL$PATH may be a search list */

**
D0:[CRAIG.perl]taint.c;1

char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
len = my_sprintf(name,"DCL$PATH;%d", i);
taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");


**
D0:[CRAIG.perl]util.c;1

   (!hasdir && my_trnlnm("DCL$PATH",tmpbuf,idx++)) )





Craig A. Berry
mailto:[EMAIL PROTECTED]

... getting out of a sonnet is much more
 difficult than getting in.
 Brad Leithauser



Re: [patch@35055] taint.t minor patch for VMS

2008-12-10 Thread John E. Malmberg

Craig A. Berry wrote:


On Dec 9, 2008, at 10:30 PM, John E. Malmberg wrote:


Tainting DCL$PATH has no effect on Perl on VMS.


But DCL$PATH will be used by DCL after invoking system() or backticks in 
a manner very similar to how PATH is used on other systems.  Tainting is 
specifically designed to handle just such interactions with the outside 
world.


That logical name is not currently used internal to Perl so it never 
gets checked to see if it is tainted.


Oops, I only checked VMS.c



Check again:

$ search *.c dcl$path

**
D0:[CRAIG.perl]mg.c;1

if (s && klen == 8 && strEQ(ptr, "DCL$PATH")) {
do {  /* DCL$PATH may be a search list */

**
D0:[CRAIG.perl]taint.c;1

char name[10 + TYPE_DIGITS(int)] = "DCL$PATH";
len = my_sprintf(name,"DCL$PATH;%d", i);
taint_proper("Insecure %s%s", "$ENV{DCL$PATH}");
taint_proper("Insecure directory in %s%s", "$ENV{DCL$PATH}");

**
D0:[CRAIG.perl]util.c;1

   (!hasdir && my_trnlnm("DCL$PATH",tmpbuf,idx++)) )


It is still a TODO problem, with scratch directory set to world 
writeable, those two test cases are failing.


-John
[EMAIL PROTECTED]
Personal Opinion Only
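
An added illustration, not code from this thread or from Perl's source: a simplified POSIX model of the per-directory rule that perlsec documents for PATH under taint mode (each directory absolute and not writable by others), which is the kind of check behind the "Insecure directory in" message in the search output above. It does not reproduce the VMS DCL$PATH handling in mg.c, and every name in it is this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Verdicts for one search-path value (hypothetical names, not Perl's). */
enum path_verdict {
    PATH_OK = 0,
    PATH_RELATIVE_DIR,     /* empty or non-absolute element */
    PATH_WORLD_WRITABLE,   /* element exists and "other" may write to it */
    PATH_TOO_LONG          /* element could not be vetted */
};

/* Walk a ':'-separated list and report the first element a child process
 * should not be allowed to search. Elements that do not exist are skipped,
 * because nothing can be executed from them. */
enum path_verdict check_search_path(const char *path)
{
    char elt[1024];
    const char *p = path;

    for (;;) {
        size_t n = strcspn(p, ":");        /* length of the current element */
        struct stat st;

        if (n >= sizeof elt)
            return PATH_TOO_LONG;          /* assume the worst */
        memcpy(elt, p, n);
        elt[n] = '\0';
        if (elt[0] != '/')                 /* "", ".", "bin": depends on cwd */
            return PATH_RELATIVE_DIR;
        if (stat(elt, &st) == 0 && (st.st_mode & S_IWOTH))
            return PATH_WORLD_WRITABLE;    /* anyone can plant a binary here */
        if (p[n] == '\0')
            return PATH_OK;                /* last element vetted */
        p += n + 1;                        /* step past the ':' */
    }
}

int main(void)
{
    const char *path = getenv("PATH");

    /* Report on the caller's own PATH; an unset PATH has nothing to vet. */
    printf("PATH verdict: %d\n", path ? (int)check_search_path(path) : PATH_OK);
    return 0;
}
```

A world-writable scratch directory on the search list, as in the failing test cases mentioned above, is the `PATH_WORLD_WRITABLE` case here.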