
Re: proper untainting and use of ref

by tachyon (Chancellor)
on Apr 17, 2002 at 18:24 UTC (#159924)

in reply to proper untainting and use of ref

Here is how taint mode works. Any input from outside your code is flagged as tainted until you untaint it. You may not use a tainted value to do things external to your script like, say, open. You get the value for $userfile from your config file (external) via the tainted $config and then try to open it via open ( USER, '>', $userfile ) without untainting it. You need to untaint this value. Untainting with (.+) is bad as it lets anything through. What if

$userfile = 'wget > /bin/badfile_to_have_here'

You would also be wise to set a $filepath and concatenate the value for $userfile to it. This is to make it harder to hack and easier to untaint $userfile. Regardless, you must protect your config file (not world readable) and untaint values you use for operations external to your script. Taint will let you know if you have forgotten. Cool huh?
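The two points above (a permissive (.+) pattern launders anything, and a fixed base path limits the damage) can be checked directly with Scalar::Util::tainted. The following is an added example, not tachyon's or the original poster's code; the $FILEPATH value, the sub names and the sample inputs are all assumptions made for the demonstration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Fixed base directory (assumed path). Because it is a literal in the
# script, nothing read from the config or the request can move the
# file outside it.
my $FILEPATH = '/var/lib/myapp/users/';

# Strict untaint: accept only a short name made of letters, digits,
# underscore, dot and dash, not starting with a dot. No slashes, no
# whitespace, no shell metacharacters. Returns the clean name or undef.
sub untaint_filename {
    my ($name) = @_;
    return unless defined $name;
    return $1 if $name =~ /\A([A-Za-z0-9_-][A-Za-z0-9_.-]{0,63})\z/;
    return;
}

# The permissive pattern from the thread, kept only for comparison:
# the capture comes back untainted, but its content is whatever came in.
sub untaint_anything {
    my ($name) = @_;
    return $1 if $name =~ /^(.+)$/;
    return;
}

# Full path for a user file, or an exception if the name is rejected.
sub user_path {
    my ($raw) = @_;
    my $clean = untaint_filename($raw);
    die "refusing unsafe user file name\n" unless defined $clean;
    return $FILEPATH . $clean;
}

# Under -T every %ENV value is tainted, and a zero-length substr of a
# tainted string is still tainted. Appending it to a literal gives us
# constructed sample inputs that look to perl like data read from a file.
my $taint = substr($ENV{PATH} || '', 0, 0);

for my $sample ('alice', 'wget > /bin/badfile_to_have_here', '..') {
    my $input  = $sample . $taint;
    my $loose  = untaint_anything($input);
    my $strict = eval { user_path($input) };

    printf "%-36s (.+): %-8s allowlist: %s\n",
        "'$sample'",
        defined $loose  ? (tainted($loose) ? 'tainted' : 'clean') : 'rejected',
        defined $strict ? $strict : 'rejected';
}
```

Run it with perl -T so that taint checks are active; without -T, tainted() always reports clean. The (.+) column comes back clean for every input, including the shell string tachyon quotes, which is exactly the problem: the regex satisfied perl, not the application. The allowlist column accepts only the plain name and always prefixes $FILEPATH.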




Replies are listed 'Best First'.
Re: Re: proper untainting and use of ref
by particle (Vicar) on Apr 17, 2002 at 18:39 UTC
    My problem is I've already untainted this data once.
        # ...snip...
        # untaint parameters
        for( keys %params ) {
            # !!!TODO!!! check 'ref' line for subtle bugs
            ( display_message( $messages{error} ) && exit )
                unless ref($valid_params{$_}) eq 'Regexp';
            if( $params{$_} =~ /$valid_params{$_}/ ) {
                $params{$_} = $1;
            }
            else {
                display_message( $messages{error} ) && exit;
            }
        }
    So the data in %params should be untainted, no? But when it's accessed later, via

    my $userfile = get_userfile( $config, $params{username} );
    $userfile is now tainted, even though $params{username} should be untainted. Am I missing something?

    Update: modifying the get_userfile() sub like so:

        sub get_userfile {
            my ( $config, $username ) = ( shift, shift );
            # add only this line: still tainted
            # ( $config->{ users } ) = ( $config->{ users } =~ /^(.+)$/ );
            # add only this line: untainted
            # ( $username ) = ( $username =~ /^(.+)$/ );
            $config->{ users } . $username;
        }
    So $config and its data are not tainted. Why is $params{ username } still tainted?

    ~Particle ;
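When a value turns out tainted later than expected, the quickest way to find the step that introduced it is to probe each intermediate value with Scalar::Util::tainted. The script below is an added example, not particle's code: it rebuilds the shape of the parameter loop and get_userfile() with constructed stand-ins for %params, %valid_params and $config (the 'users' path and the username pattern are assumptions), and reports the taint status at every hand-off.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-ins for the thread's data. Under -T, %ENV is tainted
# and a zero-length substr of a tainted string keeps the taint, so
# appending $taint marks a literal as if it had come from the outside.
my $taint        = substr($ENV{PATH} || '', 0, 0);
my %params       = ( username => 'particle' . $taint );
my %valid_params = ( username => qr/^([a-z][a-z0-9_]{0,15})$/ );
my $config       = { users => '/home/app/users/' };   # assumed path, literal

sub report {
    my ($label, $value) = @_;
    printf "%-30s %s\n", $label, tainted($value) ? 'TAINTED' : 'clean';
}

report('params{username} before loop', $params{username});

# Untaint each parameter. Taking the capture in list context, rather than
# reading $1 afterwards, means a validator without a capture group yields
# nothing and the parameter is rejected instead of being stored as undef.
for my $key (keys %params) {
    die "no validator for $key\n" unless ref $valid_params{$key} eq 'Regexp';
    my ($clean) = $params{$key} =~ $valid_params{$key};
    die "invalid $key\n" unless defined $clean;
    $params{$key} = $clean;
}
report('params{username} after loop', $params{username});

# Same structure as the thread's sub, with a probe on each argument so a
# taint carried in by either operand shows up before the concatenation.
sub get_userfile {
    my ($config, $username) = @_;
    report('  get_userfile: config->{users}', $config->{users});
    report('  get_userfile: username',        $username);
    return $config->{users} . $username;
}

my $userfile = get_userfile($config, $params{username});
report('userfile', $userfile);
```

Run with perl -T. With these inputs every probe after the loop reports clean, because the only external data is the username and it is replaced by the regex capture. In a real program, insert the same report() calls at each point where the value is copied, reassigned or rebuilt; the first probe that reports TAINTED is the assignment to look at, since concatenating or interpolating a tainted operand is enough to taint the whole result.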
