Pantek Library

RE: Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tickets)

From: Paul Vet <paul.vet(at)baldhead.com>
Date: Fri Jul 11 2003 - 15:13:24 EDT


> I believe that PERL actually has a pragma that you can set that

Indeed, any security-conscious program should validate any external data before doing anything with it. Perl has Taint mode to enforce this (well, at least to pass the buck to the programmer). From perlsec (http://www.perldoc.com/perl5.8.0/pod/perlsec.html):

You may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see perllocale), results of certain system calls (readdir(), readlink(), the variable of shmread(), the messages returned by msgrcv(), the password, gcos and shell fields returned by the getpwxxx() calls), and all file input are marked as "tainted". Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, nor in any command that modifies files, directories, or processes, with the following exceptions... **snip**

> I actually *would* describe the bug below as a logwatch bug.

Definitely a logwatch bug. Modifying your code to work with taint mode,

use Carp;	# provides carp()

if ($command =~ /^(\w+)$/) {	# match only if the whole value is 'word' characters
	$command = $1;	# save the untainted match
	...			# do whatever
} else {
	carp "Unexpected filename: [[$command]]. Not used\n";
}

Hopefully someone notified the Logwatch people...

Paul Vet.


> Spybreak wrote:
Received on Fri Jul 11 16:45:44 2003
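
Added example, not part of the original post and not Logwatch code: a script for `perl -T` showing how the choice of untainting pattern decides what gets through, and that taint mode refuses a write-mode open on a tainted name. The helper names and the sample file names are constructed for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T so taint checks are active\n" unless ${^TAINT};

# Strict untaint: the whole value must be one or more word characters.
sub untaint_name {
    my ($name) = @_;
    return defined $name && $name =~ /\A(\w+)\z/ ? $1 : undef;
}

# Loose untaint, for contrast: unanchored and allows zero characters, so it
# always matches and silently keeps only a leading fragment of the input.
sub loose_untaint {
    my ($name) = @_;
    return $name =~ /(\w*)/ ? $1 : undef;
}

# True if taint mode refuses to open $name for appending.
# The taint check dies before the file system is touched.
sub open_is_blocked {
    my ($name) = @_;
    my $ok = eval { open(my $fh, '>>', $name); 1 };
    return !$ok && $@ =~ /Insecure dependency/ ? 1 : 0;
}

# Constructed sample names. Appending a zero-length tainted string taints
# each one, standing in for values read from a directory, argv or a log.
my $TAINT   = substr($^X, 0, 0);
my @samples = map { $_ . $TAINT } qw(secure samba.log ../../etc/passwd x;id);

for my $raw (@samples) {
    my $strict = untaint_name($raw);
    my $loose  = loose_untaint($raw);
    printf "%-18s tainted=%d strict=%-8s loose=[%s]\n",
        $raw, tainted($raw) ? 1 : 0,
        defined $strict ? "[$strict]" : 'REJECT', $loose;
}

# A tainted name cannot reach a file-modifying call.
my $raw = 'report' . $TAINT;
printf "write-mode open with tainted name blocked: %d\n", open_is_blocked($raw);
```

Taint mode only checks that a capture was used, not that the pattern is a meaningful validation, so the strict/loose difference above is entirely the programmer's responsibility.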

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT

