Boysenberry Payne wrote:
I'm not very familiar with Apache on OSX, does it by default
run setuid and/or setgid? Also are you running with taint on?
There was an issue with Apache::SmallProf and Apache::DProf when
running under taint mode, and I'm curious if it's also a problem
for Apache::DB itself.
Yes I do have taint on. I thought it was wise for the production server.
Should I just turn it off on my development server?
Everytim perl reads a variable under PerlOptions T, it checks the Taint flag.
If its tainted, and you
use in an insecure way, perl does what you are seeing.
This is not specific to mod_perl.
You didn't read perldoc perlsec as I suggested before, so I'll paste it for
clarity this time:
$path = $ENV{'PATH'}; # Tainted, but see below
$data = 'abc'; # Not tainted
system "echo $arg"; # Insecure
system "/bin/echo", $arg; # Considered insecure
# (Perl doesn't know about /bin/echo)
system "echo $hid"; # Insecure
system "echo $data"; # Insecure until PATH set
$path = $ENV{'PATH'}; # $path now tainted
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$path = $ENV{'PATH'}; # $path now NOT tainted
system "echo $data"; # Is secure now!
You _must_ untaint $ENV{PATH}. It just so happens that TermReady key is
getting hit before your code.
Its doing a system() or some other such thing which makes use of $ENV{PATH} to
find commands.
--
------------------------------------------------------------------------
Philip M. Gollucci ([EMAIL PROTECTED]) 323.219.4708
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com
1024D/A79997FA F357 0FDD 2301 6296 690F 6A47 D55A 7172 A799 97F
"In all that I've done wrong I know I must have done something right to
deserve a hug every morning and butterfly kisses at night."
