Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Use Perl instead of ksh/bash, as Perl supports more features to check input (passed via args), since the filenames to be concatenated will be POSTed as parameters.
The attacker won't destroy your system, as you've probably got Apache running as nobody, but still your files are gone and whatever nobody can delete will be deleted.
Krugger: yes, the files are indexed by date, and I'm checking to make sure that the input is a valid date. Is there anything else I should think about?
nixcraft: if you can figure out a way to call gs from perl, with parameters, and without using "system" calls, let me know.
If you use numbers or such, remember that the attacker can craft the GET or POST.
If you changed to PHP or something else, beware of code injection; in shell script it is the same.
Now that you are thinking about the ';', think about these:
$(ls -la)
' $(ls -la) '
This will be interpreted by the ksh and to do the substitution it will have to execute the command. Of course this might not work as I don't know how you are doing the verifications on the date.
Also beware of its size, although I don't think gs is vulnerable to buffer overflow.
Perl must have a PDF API. It has one for almost everything.
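
An added example, not code from any poster in this thread: allowlist validation of the date parameters, followed by a gs invocation that passes each file as its own quoted argument. The YYYY-MM-DD format, the PDF_DIR directory and the <date>.pdf naming are assumptions; the thread does not state them.

```sh
#!/bin/sh
# Added example. Assumptions (not stated in the thread): dates look like
# YYYY-MM-DD and each PDF is stored as $PDF_DIR/<date>.pdf.
LC_ALL=C                          # make [0-9] mean ASCII digits only
PDF_DIR=${PDF_DIR:-/var/reports}  # hypothetical directory

# Syntactic allowlist: exactly NNNN-NN-NN, nothing before or after.
# A case pattern must match the whole string, so ';', quotes, spaces,
# '$(...)' and embedded newlines all fall through to the reject branch.
valid_date() {
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# concat_pdfs OUTFILE DATE...
# OUTFILE is chosen by the script, never taken from the request.
concat_pdfs() {
    out=$1; shift
    n=$#
    [ "$n" -gt 0 ] || return 2
    # Rotate the argument list: drop each date, append its file path.
    while [ "$n" -gt 0 ]; do
        d=$1; shift
        valid_date "$d" || { echo "rejected parameter" >&2; return 2; }
        set -- "$@" "$PDF_DIR/$d.pdf"
        n=$((n - 1))
    done
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"        # show the argv entries gs would get
    else
        # Quoted "$@": one argument per file, no re-parsing by the shell.
        gs -q -dSAFER -dBATCH -dNOPAUSE -sDEVICE=pdfwrite \
           -sOutputFile="$out" "$@"
    fi
}

# Constructed inputs, including the two strings quoted in the thread.
for p in 2005-03-14 '$(ls -la)' "' \$(ls -la) '" '2005-03-14;ls'; do
    if valid_date "$p"; then echo "accept: $p"; else echo "reject: $p"; fi
done
```

The check is syntactic only: a string such as 2005-13-40 passes it, and gs then fails on the missing file rather than on anything the shell evaluated.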