http://www.perlmonks.org?node_id=25397


in reply to File Naming

<writes the word newbie on his forhead> Explain why? Some type of exploit for "hackers" ??

Replies are listed 'Best First'.
RE: Re: File Naming
by nardo (Friar) on Aug 01, 2000 at 09:08 UTC
    If you pass a string from a user directly to open, the person can run arbitray commands. The username ';rm nameofcgi.cgi;' for example will delete nameofcgi.cgi (on some platforms, anyways). Even if you prefix the filename with a directory, someone could use ../ to write to the directory of their choice, someone could use a \0 to prevent any appended string from being used in the filename (since the underlying C library will take the \0 to be end of string). In other words, you need to verify that the data the user has given you does not contain anything it shouldn't. You can use the -T switch (#!/usr/bin/perl -T) which will enable taint checking which will cause perl to stop when it encounters a potentially unsafe operation.