Re^5: Any security holes?

Thanx - thats also what LanX suggested so my script is now this:

#!C:\Perl64\site\bin\perl.exe
use strict;
use warnings;
use HTML::Entities;
use CGI;

my $cgi = CGI->new();

my $nick = $cgi->param('nick');
my $pic = $cgi->param('pic');
my $say = $cgi->param('say');
my $likes = $cgi->param('likes');
my $fav = $cgi->param('fav');
my $car = $cgi->param('car');
my $age = $cgi->param('age');
my $town = $cgi->param('town');
my $drink = $cgi->param('drink');
my $wpage = $cgi->param('wpage');

encode_entities($_)
   for $nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wp
+age;

open(my $fh, '>>', 'drivers.html');
print "Content-type:text/html\r\n\r\n";
print $fh "<b>$nick</b><br><img src='$pic' width='250' height='auto' b
+order='2'><br><br>Says <b>$say</b><br>Likes <b>$likes</b><br>Favorite
+ vehicle <b>$fav</b><br> Real life car/vehicle <b>$car</b><br>Age <b>
+$age</b><br>Hometown <b>$town</b><br>Favorite drink <b>$drink</b><br>
+<b><a href='$wpage'>$wpage</a></b><HR color=#008000 SIZE=2>\n";
print "<html><head><meta http-equiv = 'refresh' content = '0; url = dr
+ivers.html' /></head>";
close $fh;
[download]

I also tried using -T (taint) after the shebang line but then I just get 500 Internal error - any idea why?

Comment on Re^5: Any security holes? Download Code

Replies are listed 'Best First'.
Re^6: Any security holes? by hippo (Archbishop) on Jun 28, 2022 at 08:45 UTC
I also tried using -T (taint) after the shebang line but then I just get 500 Internal error - any idea why? ~~Your script attempts to write tainted data to the filesystem. Running in taint mode protects you from doing this which is a very good reason to run in taint mode.~~ See your web server's error log for more detail. Update: As in the replies, there is no reason why your script as posted would not run under taint mode. I too have just tried it and it works fine. 🦛	[reply]
Re^7: Any security holes? by haj (Vicar) on Jun 28, 2022 at 13:43 UTC
Your script attempts to write tainted data to the filesystem. Running in taint mode protects you from doing this ... This is not how taint mode works. You can write tainted data to the file system just fine. It is passing tainted data to the OS (via the file system, starting processes and the like) where taint mode kicks in. A frequent path to taint failures is whenever environment variables like e.g. `$ENV{HOME}` or `$ENV{TMP}` are used by Perl modules. This may also differ between platforms. For example, my current Linux desktops don't even have `$ENV{TMP}` defined, whereas on Windows it is usually set.	[reply]
Re^7: Any security holes? by ikegami (Patriarch) on Jun 28, 2022 at 13:25 UTC
Running in taint mode protects you from doing this No it doesn't. Taint prevents code execution. While writing to disk could eventually lead to it getting executed, it's too far removed for taint purposes. The posted program runs fine in taint mode.	[reply]
Re^8: Any security holes? by hippo (Archbishop) on Jun 28, 2022 at 22:06 UTC
The posted program runs fine in taint mode. Ah yes, you are quite right. I should have known better than to trust the assertion that it did not. 🦛	[reply]


Syntactic Confectionery Delight
	PerlMonks