in reply to Re^2: One true regexp for untainting windows filenames?
in thread One true regexp for untainting windows filenames?
I use untaint_path() to check several filenames not just $^X.
To make them safe for what? For most applications, untaint_path might remove the taint flag, but it doesn't make sure they're safe first.
On that topic, I am using the value of $^X in a qx// call. On Linux at least, if I don't untaint it, I get a nastygram about "insecure dependency." Should perl be a little smarter here?
In unix systems, it's possible to execute a binary at one path while making it think it's at a different path.
    $ cat > a.c
    #include <stdio.h>
    int main(int argc, char** argv) {
        printf("%s\n", argv[0]);
        return 0;
    }
    $ gcc -o a a.c
    $ perl -e'exec { "./a" } "evil"'
    evil
Based on a comment in $^X, it looks like there's a way for processes to find out which binary is actually being executed on some systems, and Perl uses it.
If the following doesn't print "evil" on your system, $^X can probably be trusted on your system.
    $ perl -e'system { "perl" } "evil", "-le", "print \$^X"'
    /usr/bin/perl
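A defensive way to act on the point above, as an added example that is not part of the original post or of any module it mentions: check that $^X is an absolute path to a real executable, cross-check it against /proc/self/exe where that exists (Linux), and only then strip the taint flag with a restrictive pattern. The character class in the final regexp and the PATH value are assumptions chosen for the example; adjust them to your deployment.

```perl
#!/usr/bin/perl -T
# Run as: perl -T this_script.pl   (the -T on the command line is required)
use strict;
use warnings;

# Taint mode refuses qx// and system() unless %ENV is sane, even when the
# command is an absolute path, so clean it up first (values assumed).
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Decide whether $^X can be trusted before untainting it.
# Returns ($clean_path, undef) on success or (undef, $reason) on refusal.
sub trusted_interpreter_path {
    my $candidate = $^X;

    # A bare or relative name (such as "evil") is exactly what argv[0]
    # spoofing produces, so refuse anything that is not absolute.
    return (undef, "not an absolute path: $candidate")
        unless $candidate =~ m{^/};

    # It must be a regular, executable file on disk.
    return (undef, "not an executable file: $candidate")
        unless -f $candidate && -x _;

    # On Linux, /proc/self/exe names the binary actually running,
    # whatever argv[0] claimed. Cross-check it when it is available.
    if (-l '/proc/self/exe') {
        my $real = readlink '/proc/self/exe';
        if (defined $real && $real ne $candidate) {
            return (undef, "argv[0] ($candidate) differs from /proc/self/exe ($real)");
        }
    }

    # Only now remove the taint, and only for a conservative set of
    # characters (assumed character class; widen it deliberately if needed).
    my ($clean) = $candidate =~ m{^([\w./+-]+)\z}
        or return (undef, "unexpected characters in path: $candidate");
    return ($clean, undef);
}

my ($perl, $why) = trusted_interpreter_path();
if (defined $perl) {
    print "using interpreter: $perl\n";
    # $perl is untainted and absolute, so qx// is permitted under -T.
    my $out = qx{$perl -e 'print 6*7'};
    print "child said: $out\n";
} else {
    die "refusing to run interpreter: $why\n";
}
```

Run it with `perl -T`; if it is launched through the spoofing trick shown above (`exec { "perl" } "evil", ...`) on a system that does not resolve the real binary, the relative-name check fails closed instead of handing a tainted, attacker-chosen string to qx//.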
Replies are listed 'Best First'.
Re^4: One true regexp for untainting windows filenames? by jaldhar (Vicar) on Jan 09, 2009 at 19:42 UTC
by ikegami (Patriarch) on Jan 09, 2009 at 19:59 UTC