On Thu, 11 Jan 2001, Paul Sack wrote:
> I don't know if this is obvious or not, but if you use $arguments, instead
> of arguments, and $arguments is influenced by a CGI variable in any
> way, be *very* careful if you use $arguments in the command-line.
>
> Also, I suggest using the -T flag (Taint mode) if you are using Perl w/
> Apache.
Absolutely correct. I wasn't really sure if the system (PHP + perl) was
being run with data provided by or under the manipulation of an outside
user when I replied. Using backticks (``) or open() with a command
line calls the shell, as well, so this can be exploited by a Bad Guy via
all the usual shell expansion and redirection tomfoolery.

Running with taint is always a good idea for web-exposed scripts. Read
the perlsec manpage and other docs to understand all the implications of
this. Can be a big PITA until you grasp it, but it should keep you from
getting majorly burned.

There is a way to safely call a piped open() (i.e. one for reading output
or providing input through pipes) in this environment, but I'm not
recalling it off the top of my head and I'm away from my books. It
involves forking off a child process and reading from/writing to it. The
perl cookbook has a good discussion of this[1]. Relevant manpages include
perlsec, perlipc, and perlfunc.

Mike
[1] chapter 19 iirc. there's also a chapter on this sort of stuff in the
camel book IIRC.
*****************Michael Orion Jackson******************
***********TAMS Class of 96/UT Class of 200?************
*********************Random Quote:**********************
*"I'm stumbling blindly towards ecstasy, finding you."**
********************************************************
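
The fork-and-read form of piped open() mentioned in the message, together with an allowlist check of the kind taint mode requires, as an added example that is not part of the original message. The names `safe_pipe_read` and `untaint_arg` are hypothetical, the inputs are constructed, and `/bin/echo` is assumed to exist as a stand-in for the real command.

```perl
#!/usr/bin/perl
# Run as: perl -T safe_pipe.pl
use strict;
use warnings;

$| = 1;    # keep parent output ordered around the forks

# Taint mode will not exec with an inherited environment; pin it down first.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: run $prog with @args and return its output lines.
# open(FH, '-|') forks; the child's STDOUT becomes the parent's read handle.
sub safe_pipe_read {
    my ($prog, @args) = @_;
    my $pid = open(my $kid, '-|');
    die "cannot fork: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: list-form exec hands each element to the program as one
        # argv entry. No shell runs, so metacharacters are never interpreted.
        exec { $prog } $prog, @args or die "cannot exec $prog: $!";
    }
    my @out = <$kid>;
    close($kid) or warn "child exited with status ", $? >> 8, "\n";
    return @out;
}

# Allowlist check. Under -T the regex capture is also what untaints the value.
sub untaint_arg {
    my ($value) = @_;
    return $value =~ /\A([\w.-]{1,64})\z/ ? $1 : undef;
}

# Constructed sample inputs; in a CGI script these would come from the request.
for my $raw ('report.txt', 'report.txt; echo INJECTED') {
    my $arg = untaint_arg($raw);
    if (defined $arg) {
        print "accepted: ", safe_pipe_read('/bin/echo', $arg);
    } else {
        print "rejected: $raw\n";
    }
}

# Even without the allowlist, the fork/exec form passes the string through
# as a single literal argument instead of letting a shell split it.
print "literal:  ", safe_pipe_read('/bin/echo', 'a; echo INJECTED');
```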