> > perldoc perlsec. You haven't untainted $search.
> >
> > Consider embedding the LDAP search functionality in your CGI, or better
> > yet, abstracting it to a common module used by both search.pl and your,
> > er, crap.pl. Code duplication is so enervating
But why does the same code work fine at the command line? That's what bothers me
most.
And.. there is no code duplication. search.pl is a normal script that I use
at command line. I just want to output the result in a web page.
Thanks!
2011/11/12 Peter Scott
> On Fri, 11 Nov 2011 19:08:18 -0300, Tessio
On Fri, 11 Nov 2011 19:08:18 -0300, Tessio Fechine wrote:
> #!/usr/bin/perl -T -w
>
> use strict;
> use CGI;
>
> $ENV{PATH} = '/var/www/cgi-bin/';
> my $exec = 'search.pl';
>
>
> my $c = CGI->new();
> print $c->header(), $c->start_html(-title => "It's alive!\n"), "\n";
>
> my $search = $c->par
from apache, as a CGI script, I get this error in
error_log:
"Insecure dependency in system while running with -T switch at
/var/www/cgi-bin/crap.pl line 14., referer: http://frodo/crap.html"
Ps. Without taint mode, it works fine as a CGI script.
On Wed, 2009-08-26 at 14:48 -0700, Mark Wagner wrote:
> On Mon, Aug 24, 2009 at 06:06, Tim Bowden wrote:
> > On Mon, 2009-08-24 at 14:46 +0200, Rob Coops wrote:
>
> >
> >> In your case where you run the script from a command line you will still
> >> want to make sure that a user is not for instan
On Mon, Aug 24, 2009 at 06:06, Tim Bowden wrote:
> On Mon, 2009-08-24 at 14:46 +0200, Rob Coops wrote:
>
>> In your case where you run the script from a command line you will still
>> want to make sure that a user is not for instance printing a socket or some
>> part of the memory.
>
> The -f tes
On Mon, 2009-08-24 at 14:46 +0200, Rob Coops wrote:
> On Mon, Aug 24, 2009 at 2:17 PM, Tim Bowden wrote:
>
> > #!/usr/bin/perl -wT
> > use strict;
> >
> > my $filename = shift @ARGV;
> >
> > if (-f $filename){
> > open OUT, "> $filename.new" or die "can't open $filename.new: $!";
> > print OUT "
On Mon, Aug 24, 2009 at 2:17 PM, Tim Bowden wrote:
> #!/usr/bin/perl -wT
> use strict;
>
> my $filename = shift @ARGV;
>
> if (-f $filename){
> open OUT, "> $filename.new" or die "can't open $filename.new: $!";
> print OUT "are we safe?\n";
> close OUT;
> }
>
> This dies with "Insecure dependen
#!/usr/bin/perl -wT
use strict;
my $filename = shift @ARGV;
if (-f $filename){
open OUT, "> $filename.new" or die "can't open $filename.new: $!";
print OUT "are we safe?\n";
close OUT;
}
This dies with "Insecure dependency in open while running with -T
switch" as expected. I'd like to kno
On 3/25/06, Tom Allison <[EMAIL PROTECTED]> wrote:
> I would have expected this to require me to do something to untaint the
> value in $username.
Think of taint checking as a big safety net with holes in it. It's
better than no net at all, but it's not perfect safety.
> Doesn't this lead to SQL
- Original Message -
From: "Tom Allison" <[EMAIL PROTECTED]>
Newsgroups: perl.beginners
To: "beginners perl"
Sent: Saturday, March 25, 2006 1:33 PM
Subject: Taint mode and SQL
I was looking at some code of mine and it seems that there is a potential
for a
I was looking at some code of mine and it seems that there is a potential for a
problem here that I wasn't aware of.
I'm using CGI and DBI together and found that I can do the following under Taint
just fine.
my $username = $q->param('username');
and later on...
my $sql = "select .. from ..
On 12/9/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Setup: Perl 5.8, WinXP
>
> I have created the code below to test Taint mode. The testapp.exe
> program is actually the standard windows "attrib.exe" but renamed and
> placed in my CWD. The program as it is b
On Tue, 23 Aug 2005 15:25:45 +0200, Carol Overes wrote:
> I'm using taint mode and I want to extract an archive on my filesystem.
> [snip] This is the error that I get:
>
> Could not create directory '/tmp/untar/test': Insecure dependency in
> mkdir while running wi
All,
I'm using taint mode and I want to extract an archive on my filesystem.
To untaint the content of the archive file, I'm matching the files in
the archive against a regexp (this regexp is right now '.*' for testing
purposes). This is the error that I get:
Could not cr
Hi,
I'm looking for a way to activate the taint mode by default on my machine,
without doing the #!/usr/bin/perl -T in each script!
Somebody has an idea?
Thanks
Thomas
Keith wrote:
I seem to recall that the shebang line is generally ignored in
Windows,
Even if the path to perl is, the flags are not. (Disclaimer: There may
be exceptions...)
Now, if that is so, is there a way to turn on taint ( -T at end of
shebang line) for perl scripts in Windows
Yes: The -T fl
I seem to recall that the shebang line is generally ignored in Windows,
except if you are using it with apache... Please correct me if I'm wrong
here...
Now, if that is so, is there a way to turn on taint ( -T at end of shebang
line) for perl scripts in Windows if the line is ignore
> "R. Joseph Newton" wrote:
>
>> Can anyone explain to me why I would get a perl error in one web browser but
>> not in any others?
>
> This depends on a lot of factors, few of which you are sharing. Generally,
> perl errors should not come through to the browser.
I'm happy to share them, if yo
> WC -Sx- Jones wrote:
>
> >> "Insecure dependency in piped open while running with -T switch" at the line
>> where I open a pipe to sendmail.
>
> This is what your server logs say or what is displayed in the browser
> window?
It is displayed in the browser window, thanks to CGI::Carp
qw(fatalsToB
Erik Rieselbach wrote:
> Hi,
>
> Can anyone explain to me why I would get a perl error in one web browser but
> not in any others?
This depends on a lot of factors, few of which you are sharing. Generally, perl
errors should not come through to the browser. IIS does pass error messages
through
Erik Rieselbach wrote:
"Insecure dependency in piped open while running with -T switch" at the line
where I open a pipe to sendmail.
This is what your server logs say or what is displayed in the browser
window? You sure it isn't originating from sendmail? The -t option:
sendmail
-t Ex
Hi,
Can anyone explain to me why I would get a perl error in one web browser but
not in any others?
All I'm doing is taking an email address from a form, feeding it to a
validation sub that untaints it, then using it with the f option to
sendmail. It works fine in Mozilla browsers on both Mac an
Bob Showalter wrote:
Jenda Krynicky wrote:
From: "Bob Showalter" <[EMAIL PROTECTED]>
Vic wrote:
I wanna ask when running Apache 2.046 under Windows XP with
mod_cgi, how can I turn on the taint mode for the Perl
interpreter? (i guess the shebang line won't work since windows
Jenda Krynicky wrote:
> From: "Bob Showalter" <[EMAIL PROTECTED]>
> > Vic wrote:
> > > I wanna ask when running Apache 2.046 under Windows XP with
> > > mod_cgi, how can I turn on the taint mode for the Perl
> > > interpreter? (i guess the sh
From: "Bob Showalter" <[EMAIL PROTECTED]>
> Vic wrote:
> > I wanna ask when running Apache 2.046 under Windows XP with mod_cgi,
> > how can I turn on the taint mode for the Perl interpreter? (i guess
> > the shebang line won't work since windows nvr look at t
Vic wrote:
> Hi.
> I am new to perl so hope u won't flame me for asking sth stupid =)
What does "sth" mean?
>
> I wanna ask when running Apache 2.046 under Windows XP with mod_cgi,
> how can I turn on the taint mode for the Perl interpreter?
> (i guess the shebang line
Hi.
I am new to perl so hope u won't flame me for asking sth stupid =)
I wanna ask when running Apache 2.046 under Windows XP with mod_cgi, how
can I turn on the taint mode for the Perl interpreter?
(i guess the shebang line won't work since windows nvr look at them anyway.)
Also is mod_perl and
Hi Kurt,
You need to do:
perl -Tc file.cgi
What is happening is that when perl inspects your #! line switches, it sees -T
and tries to put on taint mode, but it is too late to taint things by that
time. This is the explanation in perldiag:
Too late for "-T"
Kurt Edmiston wrote:
>
> Hi, I'm trying to use taint mode on one of my cgi programs using the -T flag.
>
> #!/usr/local/bin/perl -wT
>
> When I check the syntax with "perl -c file.cgi" I get the following message:
>
> Too late for "-T"
Hi, I'm trying to use taint mode on one of my cgi programs using the -T flag.
#!/usr/local/bin/perl -wT
When I check the syntax with "perl -c file.cgi" I get the following message:
Too late for "-T" option at manager.cgi line 1.
It smells like an error message, but
31 matches