Hi,
> I've read docs on security and I'm aware of that
> all user variables should be checked before doing
> something like opening a file, but can somebody
> show me how example below can compromise my website?
>
> open(F, "/home/users/me/web/$in{'NAME'}.ext");
>
What if $in{'NAME'} started with "../../../../tmp/"?
Now, if in the tmp directory a link was created with that
file extension, then they could open anything according to
your scripts permissions. Scary, but not far fetched -
it's a frequently exploited idea.
> Does something like '; rm * ;' can actually execute?
> (note suffix '.ext')
Not in this instance, $in{'NAME'} must result in a string,
it can't magically turn into a subroutine call... unless
it's a tied hash - which you'd definately know about.
At the top of your script use:
#!/usr/bin/perl -wT
This code won't even work, since it'll be reported as
insecure. When you've worked that bit out, you'll be back
for a way of untainting your data ;-) We'll be waiting!
Jonathan Paton
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page from News and Sport to Email and Music
Charts
http://uk.my.yahoo.com
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
