in reply to Taint and Shellshock

Is there any good reason to not wipe the whole %ENV hash before an external call in web context?

Of course not. I'd localize %ENV and set it up with reasonable defaults before shelling out:

    {
        local %ENV = (
            PATH    => '/bin:/usr/bin:/usr/local/bin',
            IFS     => " \t\n",
            LOGNAME => $ENV{LOGNAME},   # propagate values known to be secure
            # ...
        );
        # ...
        system( ... );
    }

update: corrected IFS} to IFS, added propagation of secure ENV variables

perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
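As an added illustration of the approach described in this post (example code, not the post author's), here is a complete Perl script that replaces %ENV with a whitelisted, fully specified environment before shelling out. The list of propagated keys, the value pattern applied to them, and the constructed inbound variables are assumptions for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed whitelist: the only inbound keys we are willing to pass on.
my @SAFE_KEYS = qw(LOGNAME USER HOME LANG);

# Build a fresh environment for a child process from a hashref of the
# inbound environment (in real use, pass \%ENV). Everything not listed
# here is dropped, so request-derived variables never reach the shell.
sub sanitized_env {
    my ($inbound) = @_;
    my %env = (
        PATH => '/bin:/usr/bin:/usr/local/bin',
        IFS  => " \t\n",
    );
    for my $k (@SAFE_KEYS) {
        next unless defined $inbound->{$k};
        # Assumed value policy: only plain word-like values are propagated;
        # anything with other characters is simply left out.
        next unless $inbound->{$k} =~ /\A[\w.\@\/-]+\z/;
        $env{$k} = $inbound->{$k};
    }
    return \%env;
}

# Constructed inbound environment, resembling what a CGI request leaves
# behind: the real process environment plus request-derived variables.
my %inbound = (
    %ENV,
    HTTP_USER_AGENT => 'constructed-sample-value',
    QUERY_STRING    => 'a=1&b=2',
    LOGNAME         => 'alice',
);

{
    # %ENV is magical: localizing and reassigning it changes what any
    # child started inside this block inherits.
    local %ENV = %{ sanitized_env(\%inbound) };

    # The child sees only PATH, IFS and the whitelisted keys; the
    # HTTP_* and QUERY_STRING entries are gone.
    system('/bin/sh', '-c', 'env | sort');
}

# Back outside the block the original %ENV is restored automatically.
print "restored keys: ", scalar(keys %ENV), "\n";
```

The `local` scope is the important part: the restricted environment applies only to the shell-out inside the block, and the original %ENV comes back afterwards without any manual bookkeeping.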

Re^2: Taint and Shellshock
by kennethk (Abbot) on Sep 27, 2014 at 17:17 UTC

    Perhaps my choice of language was unclear - by 'wipe the whole %ENV hash' I meant localize the hash and set explicit values prior to shelling out. Perl is vulnerable to Shellshock because an environmental variable makes a side run and it's not in the set that Perl considers dangerous for an external call. In the perlsec docs, the only recommendations are regarding 5 specific variables which are the 5 that taint considers dangerous (please correct me if I'm mistaken). It seems like this issue might warrant increasing the scope of taint to consider any tainted value in %ENV dangerous to the shell (thus breaking billions of scripts worldwide....)


    #11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.