in reply to Sanity check: Tiny wrapper script for /bin/mail

my $cmd = join(' ', '/bin/mail', @ARGV);
Isn't this unsafe argument handling? AFAIU, this should break if ran as mail-if root@localhost -s "innocent_message & touch /root/evilfile" (and all kinds of other wierd behaviour are possible with quoted arguments becoming unquoted). Also, checking for data present on STDIN is easier using eof. Therefore, a simplier solution might look like this: perl -e'exec "/bin/mail", @ARGV unless eof STDIN' (untested).

Replies are listed 'Best First'.
Re^2: Sanity check: Tiny wrapper script for /bin/mail
by FloydATC (Deacon) on Dec 01, 2013 at 12:19 UTC

    Hmm...

    The wrapper script doesn't elevate privileges in any way so if you want to touch /root/evilfile then you need root privileges. In which case you can touch whatever you like. Or am I missing something?

    Also, I think in your proposal the data on STDIN would be lost, but I have not tested it either. Using eof() is a simpler way to check for data but in practice it wouldn't save anything in this case. Reading from an EOF handle shouldn't take long, and if it's not EOF then I need to read the data anyway. (Or pass it to /bin/mail some other way?)

    -- FloydATC

    Time flies when you don't know what you're doing

[reply]
[d/l]
[select]

      But if you wanted to send an e-mail with "; touch /root/evilfile" as a subject, you will end up creating a file instead. Also, arguments containing spaces simply break, because, given @ARGV=("login@host", "-s", "some topic") you run /bin/mail login@host -s some topic - without quotes or (preferrably) stating array of command line arguments (multi-argument form of open/system/exec).

      Examples of bad behaviour which can be solved using open(my $ch, "|-", "/bin/mail", @ARGV): 

      $ cat if-mail.pl 
#!/usr/bin/perl
exit 0 unless (my @lines = <STDIN>);
open(my $mail, "|-", join " ", "/usr/bin/mail", @ARGV) or die $!;
print $mail @lines;
$ LC_ALL=C ./if-mail.pl root@localhost -s "do not run echo; touch ~/zz
+z && ls ~/zzz - it does not make sense"
TEST
^D
ls: cannot access -: No such file or directory
ls: cannot access it: No such file or directory
ls: cannot access does: No such file or directory
ls: cannot access not: No such file or directory
ls: cannot access make: No such file or directory
ls: cannot access sense: No such file or directory
/home/aitap/zzz
$ ./if-mail.pl root@localhost -s "try running echo *"
TEST
^D

      [download]
      Trying to read the mail, I get: 
      $ mail
       From: Krylov Ivan <aitap@tarkus>
         To: echo@tarkus, not@tarkus, root@localhost, run@tarkus
    Subject: do
 Message-ID: <E1VnDEf-0008HF-UG@Tarkus>
       Date: &#1055;&#1085;&#1076;, 02 &#1044;&#1077;&#1082; 2013 00:0
+3:21 +0400
----------------------------------------------------------------

TEST
----------------------------------------------------------------
       From: Mail Delivery System <Mailer-Daemon@tarkus>
         To: aitap@tarkus
    Subject: Mail delivery failed: returning message to sender
 Message-ID: <E1VnDEg-0008HS-5L@Tarkus>
       Date: &#1055;&#1085;&#1076;, 02 &#1044;&#1077;&#1082; 2013 00:0
+3:22 +0400
----------------------------------------------------------------

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) faile
+d:

  echo@tarkus
    Unrouteable address
  not@tarkus
    Unrouteable address
  run@tarkus
    Unrouteable address

------ This is a copy of the message, including all the headers. -----
+-
<...>
       From: Krylov Ivan <aitap@tarkus>
         To: echo@tarkus, if-mail.pl@tarkus, root@localhost, running@t
+arkus
    Subject: try
 Message-ID: <E1VnDFD-0008Is-Co@Tarkus>
       Date: &#1055;&#1085;&#1076;, 02 &#1044;&#1077;&#1082; 2013 00:0
+3:55 +0400
----------------------------------------------------------------

TEST
----------------------------------------------------------------
       From: Mail Delivery System <Mailer-Daemon@tarkus>
         To: aitap@tarkus
    Subject: Mail delivery failed: returning message to sender
 Message-ID: <E1VnDFD-0008Iy-K2@Tarkus>
       Date: &#1055;&#1085;&#1076;, 02 &#1044;&#1077;&#1082; 2013 00:0
+3:55 +0400
----------------------------------------------------------------

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) faile
+d:

  echo@tarkus
    Unrouteable address
  if-mail.pl@tarkus
    Unrouteable address
  running@tarkus
    Unrouteable address

------ This is a copy of the message, including all the headers. -----
+-
<...>

      [download]
      (notice if-mail.pl@tarkus in the list of addressees: it's from the expansion of "*" from the subject)

      Also, I think in your proposal the data on STDIN would be lost, but I have not tested it either.
      I was thinking about the simpliest way of passing the STDIN by just jeaving it to the process being executed, but yes, using eof on STDIN before the exec does indeed lose the first line of input (even on pipes). I have not figured a way around this, neither $|++ nor setbuf helped.

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom