Okay Angie, 

try this one, taken from the docs.  It works because I'm setting $PATH to an 
absolute value instead of updating it. You may want to play with the regex to 
improve it, but this basic test worked.

#!/usr/bin/perl -Tw
use strict;

my $PATH = $ENV{'MYPATH'};       # tainted: it comes from the environment
print "PATH=$PATH\n";
if ($PATH =~ /^([-\/\w.]+)$/) {  # check for valid chars only
    $PATH = $1;                  # explicitly set $PATH to the (untainted) captured value
} else {
    die "MYPATH contains unexpected characters\n";  # never reach mkdir with tainted data
}
# note: the character class above still admits '..', so tighten it before relying on it
my $newdir = "$PATH/newdir";
mkdir $newdir or die "can't create directory: $!\n";  # 'or', not '||': '||' would bind to $newdir

Gary

On Thursday 15 Apr 2004 2:12 pm, Angie Ahl wrote:
> Hi Gary
>
> thanks for that. Makes sense. Sadly didn't work though:
>
> Here's some sample code:
>
> my $HTML_Path = "";
> if ($arg{HTML_Path}) {$HTML_Path = $arg{HTML_Path};}
> $HTML_Path =~ s#^(~|\.\./)##;   # strips the prefix but does NOT untaint: only a captured match does
> my $newdir = $HTML_Path . "/usr/" . $un;
> mkdir $newdir;                  # dies under -T because $HTML_Path is still tainted
>
> If I comment out the line passing the arg{HTML_Path} and put an explicit
> path in, it works.
> If I get the arg and then test it I still get the "Insecure dependency
> in mkdir while running with -T" error.
>
> $arg{HTML_Path} is passed from the handler and is set. It's what I'm
> pasting in to test explicitly.
>
> eg $hlomuser->Create_UserDir(HTML_Path=>$HTMLPath);
>
> The above code is from subroutine Create_UserDir and that part's working
> just great.
> Close, but no cigar ;(
>
> Cheers
>
> Angie
>
> On 15 Apr 2004, at 13:17, Gary Stainburn wrote:
> > $HTMLPath is tainted because $ENV{HTML_TEMPLATE_ROOT} is tainted.
> > You need to untaint $HTMLPath by amending it somehow.  A common method
> > is to use a regex to remove 'dodgy' characters, such as ~ and % or '../'
> > which could be used to jump to another part of your system.
> >
> > The result would be an untainted $HTMLPath.

-- 
Gary Stainburn
 
This email does not contain private or confidential material as it
may be snooped on by interested government parties for unknown
and undisclosed purposes - Regulation of Investigatory Powers Act, 2000     
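A stand-alone script, added here as an example and not part of Gary's or Angie's code, that contrasts the two approaches under -T: a substitution leaves the value tainted, a regex capture untaints it, and a per-component check refuses '..', which the character class on its own still admits. The function name untaint_dir, the sample path and the taint-borrowing trick via $ENV{PATH} are this example's own assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): why s/// does not untaint,
# and how a capture plus a '..' guard does.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# untaint_dir: returns a clean copy of $raw or dies. The name and the
# policy (chars [-\w./], no '..' component) are this example's own.
sub untaint_dir {
    my ($raw) = @_;
    # Only the capture of a successful match is untainted; a
    # substitution on a tainted variable leaves it tainted.
    my ($clean) = $raw =~ m{^([-\w./]+)$}
        or die "rejected: unexpected characters in '$raw'\n";
    # The character class admits '..', so refuse it per component
    # rather than trusting the class to keep us inside the tree.
    for my $part (split m{/}, $clean) {
        die "rejected: '..' component in '$raw'\n" if $part eq '..';
    }
    return $clean;   # safe to hand to mkdir under -T
}

# Constructed input: borrow the taint flag from %ENV so the sample
# value behaves like data that really came from outside the script.
my $taint = substr($ENV{PATH} // '', 0, 0);   # empty but tainted
my $raw   = '/var/www/html' . $taint;          # constructed, tainted

# 1. What the quoted code did: the prefix is stripped, taint remains.
(my $subst = $raw) =~ s{^(~|\.\./)}{};
printf "after s///:    tainted=%d\n", tainted($subst) ? 1 : 0;   # 1

# 2. Capture-based untaint: clean, so mkdir would be allowed.
my $clean = untaint_dir($raw);
printf "after capture: tainted=%d\n", tainted($clean) ? 1 : 0;   # 0

# 3. A value whose characters are all "valid" but which escapes the
#    tree is refused by the component check, not by the regex.
my $bad = '/var/www/html/../../etc' . $taint;
eval { untaint_dir($bad); 1 } or print "blocked:       $@";
```

Run it as `perl -T untaint.pl` (or make the file executable) so taint checking is actually enabled; a plain `perl untaint.pl` refuses the -T on the shebang line.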