|
Tainted variable problem (PERL)
Hi all,
some unusual problem. I have written a script without any -T but still it is doing taint checking... I am passing directory name like /abc/foo/ as command line param, then it is accessed in the script using ARGV[1]; e.g. my $a = $ARGV[1]; when I use $a, it gives Insecure dependency in `` while running with -T switch. Why ??? I am not using -T either. Any help will be appreciated. Code snippet is below: my $ROOT_FS = $ARGV[1]; # setting some initial environment settings # first changing to root my $ruid = $<; $<=$>; # executing priveleged commands system ("chown", "-R", "root:root", $ROOT_FS); system ("chmod", "-R", "777", $ROOT_FS); my $logfile = $ROOT_FS."temp/root_fs2/mnt/tmp/resultlog"; system (">$logfile"); # restoring ruid $<=$ruid; it gives error messages from all system commands. It is executed y user apache and the script needs root privilege to run the commands. rajat garg |
Is your script suid (or sgid)? perl understands -T whenever you run your script suid. If you are quite sure that what is in $ROOT_FS is safe, you can do this:
Code:
$ROOT_FS =~ /(.*)/; |
| All times are GMT -5. The time now is 04:04 PM. |