"Jonathan E. Paton" <[EMAIL PROTECTED]> wrote:
>> something like opening a file, but can somebody
>> show me how example below can compromise my website?
>>
>> open(F, "/home/users/me/web/$in{'NAME'}.ext");
>
>What if $in{'NAME'} started with "../../../../tmp/"?
>
>Now, if in the tmp directory a link was created with that
>file extension, then they could open anything according to
>your scripts permissions. Scary, but not far fetched -
>it's a frequently exploited idea.
That's true, but this is not my primary concern (there are no crackers with
telnet access to the site :)). I'm thinking more of another scary possibility,
that web visitors can execute commands by abusing ';' or '|'.
>> Can something like '; rm * ;' actually execute?
>> (note suffix '.ext')
>
>Not in this instance, $in{'NAME'} must result in a string,
Yes, %in is filled with parsed user variables, so I'm safe then, huh? :)
>it can't magically turn into a subroutine call... unless
>it's a tied hash - which you'd definitely know about.
No, actually I don't, could you point me somewhere to perldoc?
>At the top of your script use:
>
>#!/usr/bin/perl -wT
>
>This code won't even work, since it'll be reported as
>insecure. When you've worked that bit out, you'll be back
>for a way of untainting your data ;-) We'll be waiting!
Tnx, I've read somewhere about the -T switch but right now I don't have time to
toy with it; variable filtering works nicely.
--
Matija
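The "variable filtering" both posters refer to, written out as an added example (not code from either poster): a whitelist regex on $in{'NAME'} whose capture also untaints the value under -T, followed by a three-argument open with an explicit mode so the filename is never parsed for mode characters. The web directory and ".ext" suffix are taken from the original open() call; the sample names are constructed literals, so they are not tainted in this demo, but with real CGI input the capture is what satisfies -T.

```perl
#!/usr/bin/perl -wT
use strict;
use warnings;

# Assumed from the original open() call in the thread.
my $WEB_DIR = '/home/users/me/web';

# Returns the full path to open for $name, or undef if $name is rejected.
sub safe_path {
    my ($name) = @_;
    # Whitelist: letters, digits, underscore, hyphen only, anchored at both
    # ends. Rejects '/', '.', ';', '|' and friends, so no traversal out of
    # $WEB_DIR is possible. Under -T the capture $1 is untainted, which is
    # what open() requires of any value derived from user input.
    return unless defined $name && $name =~ /\A([A-Za-z0-9_-]{1,64})\z/;
    return "$WEB_DIR/$1.ext";
}

# Constructed sample inputs standing in for $in{'NAME'} from a form parser.
my @samples = ('report', '../../../../tmp/x', 'a; rm * ;', 'a|b', '');

for my $name (@samples) {
    my $path = safe_path($name);
    if (defined $path) {
        # Three-argument open with an explicit read mode: the filename is
        # used literally and never interpreted as a pipe or mode spec.
        if (open(my $fh, '<', $path)) {
            print "accepted '$name' -> $path\n";
            close $fh;
        } else {
            print "accepted '$name' but cannot open $path: $!\n";
        }
    } else {
        print "rejected '$name'\n";
    }
}
```

Only 'report' passes the filter; the traversal and metacharacter samples and the empty string are rejected before any filesystem call is made.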