mod_perl 2.0.1
Fedora Core 4
Apache
Taint Mode

I am trying to delete a file using an absolute path from a mod_perl script
running in taint mode under apache.  This error is where I stopped trying to
fix the problem and decided to use a cron job to delete files no longer
connected to active data in my database.

However, I would like to solve this problem and understand the pitfall. 
After many generations, the code patch looks like this:

my $fp = &$FP_DOCUMENTS($cid, $uid);
$ENV{'PATH'} = '';
delete @ENV{qw( IFS CDPATH ENV BASH_ENV )};
my $saved_euid = $>;
my $saved_egid = $);
$> = $<;
$) = $(;
$fp =~ /(.*)/;
unlink $fp;
$> = $saved_euid;
$) = $saved_egid;

I know both the path and the $fp variable are untainted as I was using a
check function to test it.  I know it works as I took it out of the camel
book and tested it.

The directory containing the target file has permissions of 2775 (including
sgid bit) and the owner and group are both 'ws'.  The target file has
permissions 0660, the group is 'ws', and the owner is 'apache', 'ws',
'tomcat', or 'wsftp', all of which are in the group 'ws'.  

I can perform the unlink from non-mod_perl scripts without a problem.  I
have not tested these scripts in Taint mode as I have no need for this.

I have read all that I can find regarding perl security and taint mode and
tried every solution I could find on the Internet with the exception of
forking a child process which is the last suggestion in the camel book--I
would really rather not do this from mod_perl under apache as I do not know
how it will affect apache if zombies get left in memory for whatever reason.

As I said, I will solve this problem for the moment by using a cron job.  If
anyone has any ideas, though, I'd love to hear them.




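The taint behaviour behind the "Insecure dependency in unlink" error, as an added example that is not part of the original post: a pattern match by itself leaves the matched variable tainted, and only a value assigned from a capture group is clean. `$DOC_ROOT`, the path layout, the allowlist pattern and the helper `untaint_doc_path` are hypothetical, and the tainted input is constructed from `%ENV` to stand in for request data.

```perl
#!/usr/bin/perl -T
# Added example, not the poster's code. Run as: perl -T untaint_unlink.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed values: a hypothetical document root and a file name that
# carries taint the way request data does under mod_perl.
my $DOC_ROOT = '/var/ws/documents';
my $taint    = substr(join('', %ENV), 0, 0);    # zero-length, but tainted
my $fp       = "$DOC_ROOT/7/42/report.pdf$taint";

# 1. A match on its own only fills $1; the matched variable stays tainted.
my $copy = $fp;
$copy =~ /(.*)/;
printf "after bare match: %s\n", tainted($copy) ? 'tainted' : 'clean';

# 2. unlink refuses tainted arguments before it touches the file system.
eval { unlink $copy; 1 } or print "unlink died: $@";

# 3. Untaint by assigning from a capture of an anchored allowlist pattern.
#    (.*) would launder any input, so the pattern states what is legal.
sub untaint_doc_path {
    my ($path) = @_;
    return if $path =~ m{(?:\A|/)\.\.(?:/|\z)};    # no parent traversal
    my ($clean) = $path =~ m{\A(\Q$DOC_ROOT\E/\d+/\d+/[\w.-]{1,128})\z}
        or return;
    return $clean;
}

for my $candidate ($fp, "$DOC_ROOT/7/42/..$taint", "/etc/passwd$taint") {
    my $clean = untaint_doc_path($candidate);
    if (!defined $clean) { print "rejected: $candidate\n"; next; }
    printf "accepted: %s (%s)\n", $clean, tainted($clean) ? 'tainted' : 'clean';
    # The taint check no longer fires; a failure here is an OS error in $!.
    unlink $clean or print "  unlink failed: $!\n";
}
```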