
Re^3: Inline.pm and untainting

by Just in (Sexton)
on Jul 29, 2009 at 08:11 UTC


in reply to Re^2: Inline.pm and untainting
in thread Inline.pm and untainting

I'm surprised that env_untaint was written that way. 0022 as a umask is 755 permission wise which gives the idea that r and x for group members and everyone else actually works for Windows in a Linux/UNIX way.

Reading stat under perlfunc years ago led me to believe that only a handful of the 13 elements actually worked under Windows. Looking at it now hints that there may be some cause for doubt - "Not all fields are supported on all filesystem types".

The concept of group and everyone for Windows does work under domains but not directories, which is why stat returns 0777 even on readonly.

Shortcoming of stat - I'd say so, but it's not actually since we're given warning. To get directories that you can't write to I'd use Win32::File so

and not ((stat($_))[2] & 0022)

becomes

and ( $attr & READONLY )

I was going to go through the bitwise & permissions that would yield 0 with 0022, but I actually came on PM to look for something else and now it's home time :p

Just in

P.S. your box is fine


Re^4: Inline.pm and untainting
by syphilis (Canon) on Jul 30, 2009 at 09:43 UTC
    and ( $attr & READONLY )

    That doesn't seem to do quite the same thing. GetAttributes() tells me that neither C:/Windows/System32 nor many of the files in it are READONLY. Yet, I can't write to that directory, or to any of the files in it.

    Cheers,
    Rob

      GetAttributes() (from Win32::File) returns the file attributes that were invented around 1980 for MS-DOS, namely ARCHIVE, DIRECTORY, HIDDEN, READONLY, and SYSTEM, plus three new ones using the remaining bits of a byte, invented somewhere around Windows 98 or NT 4.0: OFFLINE, COMPRESSED, and TEMPORARY. Again, these attributes do not have any relation to the ACLs. Win32::Security::ACL should be able to access the ACLs and to tell you why you can't write to the directory.

      Alexander

      --
      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

        Thanks for that. A CPAN search for Win32::Security::ACL also turned up Win32::FileSecurity. I haven't yet got into the finer details of comparing them.

        Cheers,
        Rob
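
Added example, not part of the thread and not Inline.pm's own code: a PATH filter built around the `(stat($_))[2] & 0022` test quoted above, run over constructed temporary directories. The helper name `safe_path_dirs` and the sample entries are assumptions made for illustration.

```perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

my $SEP = $^O eq 'MSWin32' ? ';' : ':';

# Hypothetical helper, not Inline.pm's env_untaint: split a PATH string and
# keep only absolute, existing directories with no group/other write bit.
sub safe_path_dirs {
    my ($path) = @_;
    my (@keep, @drop);
    for my $dir (grep { length } split /\Q$SEP\E/, $path) {
        my $mode = (stat $dir)[2];    # undef if the entry does not exist
        my $ok = File::Spec->file_name_is_absolute($dir)
              && defined $mode
              && -d _                 # reuse the stat buffer from above
              && !($mode & 0022);     # same mask as the thread's test
        push @{ $ok ? \@keep : \@drop }, $dir;
    }
    return (\@keep, \@drop);
}

# Constructed sample directories; the modes are set explicitly with chmod.
my $base = tempdir(CLEANUP => 1);
my ($tight, $loose) = map { File::Spec->catdir($base, $_) } qw(tight loose);
for ([$tight, 0755], [$loose, 0777]) {
    my ($dir, $mode) = @$_;
    mkdir $dir        or die "mkdir $dir: $!";
    chmod $mode, $dir or die "chmod $dir: $!";
}

my ($keep, $drop) = safe_path_dirs(join $SEP, $tight, $loose, 'relative/bin');
print "kept:    $_\n" for @$keep;
print "dropped: $_\n" for @$drop;
```

On a Unix-like system only the 0755 directory is kept. Where stat reports 0777 for every directory, as the posts above describe for Windows, the mask rejects every entry, which is why the replies point to the ACL modules instead.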
