On Thu, 6 Sep 2001, Stas Bekman wrote:

> On Thu, 6 Sep 2001, Gary Benson wrote:
>
> >
> > On 6 Sep 2001 [EMAIL PROTECTED] wrote:
> >
> > > stas        01/09/05 19:36:44
> > >
> > >   Modified:    perl-framework/Apache-Test/lib/Apache TestConfig.pm
> > >                         TestConfigParse.pm
> > >   Log:
> > >   - enable taint mode in tests via PerlSwitches -T
> > >   - untaint $ENV{PATH} before using open "-|"
> >
> > [snip]
> >
> > >   diff -u -r1.7 -r1.8
> > >   --- TestConfigParse.pm  2001/08/20 15:20:50     1.7
> > >   +++ TestConfigParse.pm  2001/09/06 02:36:44     1.8
> > >   @@ -220,6 +220,8 @@
> > >
> > >        my $version;
> > >        my $cmd = "$httpd -v";
> > >   +    # untaint
> > >   +    $ENV{PATH} = '/bin:/usr/bin';
> > >        open my $v, '-|', $cmd or die "$cmd failed: $!";
> > >
> > >        local $_;
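Review bot: the added `$ENV{PATH} = '/bin:/usr/bin';` is a plain assignment, not scoped with `local`, so it replaces PATH for the rest of the process rather than only for the piped open on the next line. Anything that later looks for httpd or apxs through PATH will see only /bin and /usr/bin. Suggest `local $ENV{PATH} = '/bin:/usr/bin';` (the same scoping already used for `local $_;` just below), and expanding the `# untaint` comment to say that it is the `open ... '-|'` under -T that requires a clean PATH.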
> >
> > This breaks on mine even though $httpd is an absolute path at this point.
>
> You mean if you don't add the patch from above?

From a clean, current CVS checkout:

% cd httpd-test/perl-framework
% export PATH=/path/to/httpd-and-apxs:$PATH
% perl Makefile.PL
% make
% t/TEST -start-httpd
setting ulimit to allow core files
ulimit -c unlimited
 exec t/TEST -start-httpd
cannot build c-modules without apxs
no test server configured, please specify an httpd or apxs or put either in 
your PATH

> > I'm not familiar enough with Perl to know why this should be, but is there
> > a better way (like $ENV{PATH} = '/bin:/usr/bin' unless $httpd =~ m:^/:;).
> > Would that successfully untaint it?
>
> It's not about being absolute path or not, it's about opening "-|", which
> is insecure if $ENV{PATH} is not untainted.

I don't really think I understand this line:

|    open my $v, '-|', $cmd or die "$cmd failed: $!";

As far as I see it, '-|' means perform an explicit fork, with return
value of open being child pid in the parent and 0 in the child. From what
I see, it looks like you should be doing either of these two:

|    open my $v, "$httpd|" or die "$cmd failed: $!";
|    open my $v, '-|' or exec $httpd or die "$cmd failed: $!";

I'm not saying that your code is _wrong_: I'm saying I don't understand
it. I can see what your line does, but not how it does it or why '-|' is
insecure.

> > I can't tell, since mine doesn't complain about it being tainted at this
> > point and I can't figure out a way to make it do so. Why do you need to
> > untaint here anyway? Is this something from mod_perl? I'm confused!
>
> What's your Perl version? perl -v ?

v5.6.1

I'm just running it as my UID, so would taint checking happen anyway?

Gary

[ Gary Benson, Red Hat Europe ][ [EMAIL PROTECTED] ][ GnuPG 60E8793A ]
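
Added example, not part of the original thread or of Apache-Test: a Perl script showing the taint check on a three-argument piped open that the messages above discuss, and a block-scoped way to satisfy it. It assumes /bin/echo exists and uses it as a constructed stand-in for "$httpd -v"; the helper name first_line is hypothetical.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_pipe.pl   (-T must also be given on the command line)
use strict;
use warnings;

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Read the first line of a command's output through a 3-arg piped open.
# With a command as the third argument, '-|' is the mode "read from this
# command"; only the 2-arg form open(FH, "-|") is the implicit fork.
sub first_line {
    my ($cmd) = @_;
    my $line = eval {
        open my $fh, '-|', $cmd or die "$cmd failed: $!";
        my $l = <$fh>;
        close $fh;
        $l;
    };
    return defined $line ? $line : "died: $@";
}

# Constructed stand-in for "$httpd -v": absolute path, untainted literal.
my $cmd  = '/bin/echo pipe-ok';
my $orig = $ENV{PATH};

# 1. PATH inherited from the caller is tainted, so the open dies with an
#    "Insecure $ENV{...}" error even though the command path is absolute:
#    the program being run could itself look things up through PATH.
print "inherited PATH -> ", first_line($cmd);

# 2. perlsec also lists these variables as checked before running a command.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# 3. A literal PATH is untainted; local limits the change to this block.
{
    local $ENV{PATH} = '/bin:/usr/bin';
    print "scoped PATH    -> ", first_line($cmd);
}

# 4. The caller's PATH is back, so later PATH lookups still work.
my $restored = ($ENV{PATH} // '') eq ($orig // '') ? 'yes' : 'no';
print "PATH restored  -> $restored\n";
```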
