Re^2: The importance of avoiding the shell

Replies are listed 'Best First'.
Re^3: The importance of avoiding the shell by ikegami (Patriarch) on Sep 29, 2014 at 06:54 UTC
I'm pretty sure that is what he's saying, but he's wrong if that's the case. `$ HTTP_ACCEPT='() { :;}; echo 0wn3d' \ perl -T -e'$ENV{PATH}=""; system(q(/bin/ls -- "$HOME"))' 0wn3d ... contents of home dir ...` [download] While `$ENV{HTTP_ACCEPT}` is tainted, `system` doesn't check if it's tainted.	[reply] [d/l] [select]
Re^3: The importance of avoiding the shell by Anonymous Monk on Sep 26, 2014 at 15:25 UTC
Taint mode, like most security measures, is "just" an additional security measure. Whether or not you "need to worry" depends a whole lot on the individual situation. Generally, turning on taint mode in CGI scripts is a good idea, but it is not a silver bullet.	[reply]
Re^3: The importance of avoiding the shell by petdance (Parson) on Oct 01, 2014 at 19:50 UTC
No, I am not making any claims about taint mode mitigating the bash bug. My point is that the bash bug is, at its core, about treating untrusted data as executable code. Perl's taint mode is designed to catch that problem in Perl code. Say you get an argument from the command line in your Perl program. That variable is now tainted, because it came from an untrusted source. Now, say you try to execute a command with `system` using that variable. Perl's taint mode will disallow it because the data fed to `system` is untrustworthy. xoxo, Andy	[reply]