Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Bug in perl command line processing?

by EvanCarroll (Chaplain)
on May 22, 2012 at 20:06 UTC ( [id://971866]=perlquestion: print w/replies, xml ) Need Help??

EvanCarroll has asked for the wisdom of the Perl Monks concerning the following question:

I was playing around with some bugged command line processing by perl, and I discovered that I could execute code with -i. The argument -i is supposed to just turn on in place editing.

An example is provided: perl -i'foo e eval "warn q[bar]" '

I'm still not exactly sure how it works. Are there any security implications in this?



Evan Carroll
The most respected person in the whole perl community.
www.evancarroll.com

Replies are listed 'Best First'.
Re: Bug in perl command line processing?
by sauoq (Abbot) on May 22, 2012 at 20:43 UTC 

    $ perl -MO=Deparse -i'foo e eval "warn q[bar]";' -e1
BEGIN { $^I = "foo"; }
eval 'warn q[bar]';
'???';
-e syntax OK

    [download]

    -sauoq
    "My two cents aren't worth a dime.";
[reply]
[d/l]

      The -e1 is unnecessary. 

      $ perl -MO=Deparse -i'foo e eval "warn q[bar]";'
BEGIN { $^I = "foo"; }
eval 'warn q[bar]';
-e syntax OK

      [download]

      I vote bug.

      ---
      $world=~s/war/peace/g

[reply]
[d/l]

        The -e1 is unnecessary.

        That seems to be because perl sees the 'e' in 'foo e eval...' as an -e command line switch. Change it to something else besides 'e' and the behavior changes.

        It sort of feels like the same sort of exploit one should worry about when using the two-arg open unsafely, passing user data to a database without placeholders, or instantiating user data as variable names.


        Dave

[reply]
[d/l]
[select]
        The -e1 is unnecessary.

        Yes, sorry. I should have explained my intent... I was showing that by adding the ';' to the OP's you could include -e1 without an error.

        -sauoq
        "My two cents aren't worth a dime.";
[reply]
      Right that is obviously what is doing, but is that safe for Perl and not the shell to break apart an argument on spaces? This seems dangerous. You now need to sanitize your backup-character-extensions for space characters because perl may otherwise execute it as code?


      Evan Carroll
      The most respected person in the whole perl community.
      www.evancarroll.com
[reply]

        I think you found a real bug. And, sure, there are security implications. Theoretically, anyway. There are probably not that many places where this poses a real security threat. There's more potential for it to cause things to break and leave people scratching their heads though.

        -sauoq
        "My two cents aren't worth a dime.";
[reply]
Re: Bug in perl command line processing?
by Anonymous Monk on May 23, 2012 at 01:20 UTC
[reply]
Re: Bug in perl command line processing?
by Anonymous Monk on May 22, 2012 at 22:10 UTC
[reply]
[d/l]
Re: Bug in perl command line processing?
by Anonymous Monk on May 22, 2012 at 20:36 UTC
[reply]

      This completely misses the point.

      -sauoq
      "My two cents aren't worth a dime.";
[reply]

        This completely misses the point.

        Not it doesn't , the point of a "SEE ALSO" section is to "SEE ALSO"

        The OP doesn't even specify what shell he is dealing with, and this is shell quoting territory

[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://971866]
Approved by ww
Front-paged by ww
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (6)
As of 2024-04-19 14:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found