Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re^2: One true regexp for untainting windows filenames?

by jaldhar (Vicar)
on Jan 08, 2009 at 22:13 UTC ( #735034=note: print w/ replies, xml ) Need Help??


in reply to Re: One true regexp for untainting windows filenames?
in thread One true regexp for untainting windows filenames?

It seems that despite the length of my post I still managed to leave out some pertinent information. Sorry! I use untaint_path() to check several filenames not just $^X. It just happens that this is the first test that encountered a weird path. So the question still stands even if $^X is safe.

On that topic, I am using the value of $^X in a qx// call. On Linux at least, if I don't untaint it, I get a nastygram about "insecure dependency." Should perl be a little smarter here?

As for the regexps themselves, I am embarrassed to say I just copied them from existing code. Now I will use the ones from File::Basename as cdarke suggested.

Thank you for your help.

--
જલધર


Comment on Re^2: One true regexp for untainting windows filenames?
Re^3: One true regexp for untainting windows filenames?
by ikegami (Pope) on Jan 09, 2009 at 05:14 UTC

    I use untaint_path() to check several filenames not just $^X.

    To make them safe for what? Most most applications, untaint_path might remove the taint flag, but it doesn't make sure they're safe first.

    On that topic, I am using the value of $^X in a qx// call. On Linux at least, if I don't untaint it, I get a nastygram about "insecure dependency." Should perl be a little smarter here?

    In unix systems, it's possible to execute a binary at one path while making it think it's at a different path.

    $ cat > a.c #include <stdio.h> int main(int argc, char** argv) { printf("%s\n", argv[0]); return 0; } $ gcc -o a a.c $ perl -e'exec { "a" } "evil"' evil

    Based on a comment in $^X, it looks like there's a way for processes to find out which binary is actually being executed on some systems, and Perl uses it.

    If the following doesn't print "evil" on your system, $^X can probably be trusted on your system.

    $ perl -e'system { "perl" } "evil", "-le", "print \$^X"' /usr/bin/perl

      To make them safe for what? Most most applications, untaint_path might remove the taint flag, but it doesn't make sure they're safe first.

      Safe to use in qx//; in taint mode Earlier, I set $ENV{PATH} to q{}. This means I need to use complete paths to every file or command I use and they need to be untainted to prevent the 'insecure dependency' error.

      I had forgotten about argv[0]. Now you have led me to realize that running under -T will not really buying me anything here without additional checking.

      Hopefully this conversation will remind others to not complacently assume untainted eq secure if nothing else.

      --
      જલધર

        Safe to use in qx//; in taint mode

        In such general terms, it's impossible. You can make it so qx// doesn't croak, but you can't make it safe. Need more info.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://735034]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (4)
As of 2015-07-05 13:57 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (67 votes), past polls