> > > This breaks on mine even though $httpd is an absolute path at this point.
> >
> > You mean if you don't add the patch from above?
>
> From a clean, current CVS checkout:
BTW, be aware of the HEAD httpd-2.0, somebody has broken the source file
used by httpd-2.0, nothing will work if you update this build.
> % cd httpd-test/perl-framework
> % export PATH=/path/to/httpd-and-apxs:$PATH
> % perl Makefile.PL
> % make
> % t/TEST -start-httpd
> setting ulimit to allow core files
> ulimit -c unlimited
> exec t/TEST -start-httpd
> cannot build c-modules without apxs
> no test server configured, please specify an httpd or apxs or put either in
> your PATH
That's because you have to configure it:
  perl Makefile.PL apxs /path/to/httpd/bin/apxs
I think README says that. Or you should run:
  t/TEST httpd /path/to/apache/bin/httpd -start
> > > I'm not familiar enough with Perl to know why this should be, but is there
> > > a better way (like $ENV{PATH} = '/bin:/usr/bin' unless $httpd =~ m:^/:;).
> > > Would that successfully untaint it?
> >
> > It's not about being absolute path or not, it's about opening "-|", which
> > is insecure if $ENV{PATH} is not untainted.
>
> I don't really think I understand this line:
>
> | open my $v, '-|', $cmd or die "$cmd failed: $!";
>
> As far as I see it, '-|' means perform an explicit fork, with return
> value of open being child pid in the parent and 0 in the child. From what
> I see, it looks like you should be doing either of these two:
>
> | open my $v, "$httpd|" or die "$cmd failed: $!";
that's the triple args open which is safer than two args open. It's the
same as:
  open my $v, "$httpd|" or die "$cmd failed: $!";
See the output of:
  % perldoc -f open
      If the filename begins with "'|'", the filename is
      interpreted as a command to which output is to be
      piped, and if the filename ends with a "'|'", the
      filename is interpreted as a command which pipes
      output to us. See the Using open() for IPC entry
      in the perlipc manpage for more examples of this.
      (You are not allowed to "open" to a command that
      pipes both in and out, but see the IPC::Open2
      manpage, the IPC::Open3 manpage, and the
      Bidirectional Communication with Another Process
      entry in the perlipc manpage for alternatives.)
      If MODE is "'|-'", the filename is interpreted as
      a command to which output is to be piped, and if
      MODE is "'-|'", the filename is interpreted as a
      command which pipes output to us. In the
> | open my $v, '-|' or exec $httpd or die "$cmd failed: $!";
>
> I'm not saying that your code is _wrong_: I'm saying I don't understand
> it. I can see what your line does, but now how it does it or why '-|' is
> insecure.
whenever '|' is used in the open() call, $ENV{PATH} and a few other env
vars have to be untainted. See the perlsec manpage.
the triple args open() is safer than double, because the latter invokes
shell and then one can try to slide in something like "filename; rm -rf
/", whereas with the former the sysopen() is used instead and no shell
interpretation problems happen.
> > > I can't tell, since mine doesn't complain about it being tainted at this
> > > point and I can't figure out a way to make it do so. Why do you need to
> > > untaint here anyway? Is this something from mod_perl? I'm confused!
> >
> > What's your Perl version? perl -v ?
>
> v5.6.1
just almost like me. I'm running 5.7.1
> I'm just running it as my UID, so would taint checking happen anyway?
Yup. Don't confuse taint problems with setuid problems. Taint things are
the same no matter what your UID is.
_____________________________________________________________________
Stas Bekman JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:[EMAIL PROTECTED] http://apachetoday.com http://eXtropia.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
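
Added example, not part of the original message or of the httpd-test code: a Perl script showing the taint rule discussed in this thread, where a piped open is refused under -T until $ENV{PATH} is set to a known value, even for an absolute path. It assumes /bin/echo exists and stands in for $httpd; read_from and untaint_path are hypothetical helper names, and the list form of piped open used here needs Perl 5.8 or later.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread). Run as: perl -T taint_pipe.pl
use strict;
use warnings;

# Run a command through a piped open and return its output lines.
# List form ('-|', $prog, @args) hands the arguments to exec() directly,
# so no shell ever parses them. A single command string that contains
# shell metacharacters would still be passed to the shell.
sub read_from {
    my ($prog, @args) = @_;
    open(my $fh, '-|', $prog, @args) or die "cannot run $prog: $!\n";
    my @lines = <$fh>;
    close $fh or die "$prog exited with status $?\n";
    return @lines;
}

# Untaint a path only by capturing it from a strict allow-list pattern.
sub untaint_path {
    my ($path) = @_;
    $path =~ m{\A(/[\w./-]+)\z} or die "unexpected characters in path\n";
    return $1;
}

# An optional first argument is tainted input; /bin/echo is an assumed default.
my $prog = untaint_path(@ARGV ? $ARGV[0] : '/bin/echo');
my $arg  = 'httpd; echo INJECTED';   # constructed input with a shell metacharacter

# 1. With the inherited (tainted) PATH, Perl refuses even an absolute path.
my @out = eval { read_from($prog, $arg) };
print "before untainting: ", ($@ || "ran: @out");

# 2. Set the variables perlsec names to known values, then retry.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
@out = read_from($prog, $arg);
print "after untainting:  @out";     # the ';' arrives as literal text
```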