Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re^2: PerlTaintCheck and configuration for secure paths

by geektron (Curate)
on Jun 22, 2006 at 17:44 UTC ( [id://556961]=note: print w/replies, xml ) Need Help??


in reply to Re: PerlTaintCheck and configuration for secure paths
in thread PerlTaintCheck and configuration for secure paths

$thumbName is constructed in the code. because of that, i thought it didn't need extra sanitizing.

I'll test it w/ Scalar::Util to ensure that's the tainted part ...

Replies are listed 'Best First'.
Re^3: PerlTaintCheck and configuration for secure paths
by shmem (Chancellor) on Jun 22, 2006 at 17:51 UTC
    If $thumbName was constructed with whatsoever variable that is tainted and not sanitized, it becomes tainted as well.

    In perlsec is a snippet of code:

    sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; }
    --shmem
    _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                                  /\_¯/(q    /
    ----------------------------  \__(m.====·.(_("always off the crowd"))."·
    ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}
      the operative phrasing i missed: *not sanitized* ... after re-reading perlsec for the 3231244^34 time today, the "not sanitized" part kicked in.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://556961]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others wandering the Monastery: (4)
As of 2024-03-29 05:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found