PerlMonks  

Re^2: PerlTaintCheck and configuration for secure paths

by geektron (Curate)
on Jun 22, 2006 at 17:44 UTC (#556961)


in reply to Re: PerlTaintCheck and configuration for secure paths
in thread PerlTaintCheck and configuration for secure paths

$thumbName is constructed in the code. Because of that, I thought it didn't need extra sanitizing.

I'll test it w/ Scalar::Util to ensure that's the tainted part ...

Re^3: PerlTaintCheck and configuration for secure paths
by shmem (Chancellor) on Jun 22, 2006 at 17:51 UTC
    If $thumbName was constructed with whatsoever variable that is tainted and not sanitized, it becomes tainted as well.

    In perlsec there is a snippet of code:

    sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; }
    --shmem
      The operative phrasing I missed: *not sanitized* ... after re-reading perlsec for the 3231244^34 time today, the "not sanitized" part kicked in.
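To see the propagation shmem describes, here is an added example script (not from the thread; only the is_tainted sub is the one quoted from perlsec). The thumbnail naming scheme, the "thumbs/" prefix and the allow-list pattern are assumptions for illustration. A $thumbName built from any tainted input is itself tainted, a write open with it dies under -T, and only a regex capture clears the flag.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread). Run as:  perl -T taint_demo.pl [name]
use strict;
use warnings;
use Scalar::Util qw(tainted);

# The is_tainted() check quoted from perlsec: a string eval that contains
# even a zero-length slice of tainted data dies with "Insecure dependency",
# so the outer eval returns undef and the function returns true.
sub is_tainted {
    return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}

sub flag { $_[0] ? "tainted" : "clean" }

# Constructed sample input. Under -T, @ARGV and %ENV are tainted sources.
# With no argument, a literal is made tainted by appending a zero-length
# slice of $ENV{PATH}: taint propagates even through an empty substring.
my $base = @ARGV ? $ARGV[0] : "photo" . substr($ENV{PATH} // "", 0, 0);

# "$thumbName is constructed in the code" -- but it is built from $base,
# and any expression that uses tainted data yields a tainted result.
my $thumbName = "thumbs/${base}_200x200.jpg";   # assumed naming scheme

printf "%-10s %s / %s\n", "base:",      flag(tainted($base)),      flag(is_tainted($base));
printf "%-10s %s / %s\n", "thumbName:", flag(tainted($thumbName)), flag(is_tainted($thumbName));

# Reading with a tainted path is permitted; an operation that modifies the
# outside world is not. A write open dies with "Insecure dependency in open".
my $ok = eval { open my $fh, ">", $thumbName or die "open: $!\n"; 1 };
print "write open with tainted name: ", ($ok ? "allowed\n" : "blocked: $@");

# Untainting: the only thing Perl accepts as clean is a capture from a
# regex match. The pattern is an allow-list of the characters a thumbnail
# base name may contain (assumed here); anything else is rejected outright.
my ($clean) = $base =~ /\A([A-Za-z0-9_.-]+)\z/
    or die "rejecting '$base': unexpected characters\n";
my $safeThumb = "thumbs/${clean}_200x200.jpg";
printf "%-10s %s\n", "safeThumb:", flag(tainted($safeThumb));
```

Note that the -T switch must be given on the command line, not only in the shebang, or perl stops with "Too late for -T". The anchored pattern with \A and \z matters: an unanchored match would let a trailing newline or path separator through the capture while still clearing the taint flag.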
