LinuxQuestions.org
Old 07-29-2004, 12:24 PM   #1
rajatgarg
Member
 
Registered: Oct 2003
Posts: 41

Rep: Reputation: 15
Tainted variable problem (PERL)


Hi all,

Some unusual problem. I have written a script without any -T but still it is doing taint checking...

I am passing directory name like /abc/foo/ as command line param, then it is accessed in the script using ARGV[1];

e.g. my $a = $ARGV[1];

when I use $a, it gives Insecure dependency in `` while running with -T switch.

Why ??? I am not using -T either.

Any help will be appreciated.

Code snippet is below:


my $ROOT_FS = $ARGV[1];

# setting some initial environment settings

# first changing to root

my $ruid = $<;
$<=$>;
# executing privileged commands
system ("chown", "-R", "root:root", $ROOT_FS);
system ("chmod", "-R", "777", $ROOT_FS);
my $logfile = $ROOT_FS."temp/root_fs2/mnt/tmp/resultlog";
system (">$logfile");
# restoring ruid
$<=$ruid;


It gives error messages from all system commands. It is executed by user apache and the script needs root privilege to run the commands.


rajat garg
 
Old 07-29-2004, 01:54 PM   #2
aluser
Member
 
Registered: Mar 2004
Location: Massachusetts
Distribution: Debian
Posts: 557

Rep: Reputation: 43
Is your script suid (or sgid)? perl understands -T whenever you run your script suid. If you are quite sure that what is in $ROOT_FS is safe, you can do this:
Code:
$ROOT_FS =~ /(.*)/;
$ROOT_FS = $1;
to untaint it. But make sure it's safe!
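
An added example (not part of either post) of the untainting step from the reply above, with an allowlist pattern in place of /(.*)/ so that the capture only succeeds for paths that pass validation. The /srv/rootfs/ prefix, the untaint_dir helper and the sample paths are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: start with ./script or "perl -T script" so taint mode is on.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode also checks the environment before external commands run.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumption: every tree the script may touch lives under this prefix.
my $ALLOWED_PREFIX = '/srv/rootfs/';

# Return an untainted copy of $path if it passes every check, else undef.
sub untaint_dir {
    my ($path) = @_;
    return unless defined $path;
    # Absolute path, conservative characters only, trailing slash required.
    return unless $path =~ m{\A(/(?:[A-Za-z0-9_.-]+/)+)\z};
    my $clean = $1;    # a regex capture is the untainted copy
    return if $clean =~ m{/\.\.?/};                       # no "." or ".." components
    return unless index($clean, $ALLOWED_PREFIX) == 0;    # must sit under the prefix
    return $clean;
}

# Constructed sample inputs, used when no arguments are given. Real
# command-line arguments arrive tainted; these literals do not.
my @samples = (
    '/srv/rootfs/build1/',
    '/srv/rootfs/../../etc/',
    '/srv/rootfs/a;b/',
    '/abc/foo/',
    'relative/dir/',
);

for my $arg (@ARGV ? @ARGV : @samples) {
    my $dir = untaint_dir($arg);
    printf "%-26s tainted=%d  %s\n", $arg, (tainted($arg) ? 1 : 0),
        defined $dir ? 'accepted' : 'rejected';
    # An accepted $dir can go to the list form of system(), for example
    # system('chown', '-R', 'root:root', $dir), without a taint error.
}
```

The check is purely lexical: it does not resolve symbolic links, so it only vouches for the text of the path.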
 
  

