-T taint mode & chdir

mandog has asked for the wisdom of the Perl Monks concerning the following question:

What part of perldoc perlsec am I missing?

I get this error:

Insecure dependency in chdir while running 
with -T switch at ./simple line 21.
[download]

With this code:

#!/usr/local/bin/perl -Tw
use strict;

my $sites_root='/home/sites';

delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV', 'PATH'};

opendir(DH,$sites_root) or die "1: $!\n";
my @sites=readdir(DH)or die "2: $!\n";
closedir(DH) or die "3: $!\n";
chdir($sites_root);

foreach  my $site (@sites){
        next if ($site eq '.') or ($site eq '..')
                or (not (-d "$sites_root/$site"));

        $site=~s/[^-\@\w\/]//;
        my $dir="$sites_root/$site";
        chdir($dir) or die "couldn't chdir to $dir : $!\n";

#tmp debug statment
system('/bin/pwd');
}
[download]

email: mandog

Edited 2002-01-02 by dvergin adding paren per user request

Comment on -T taint mode & chdir Select or Download Code

Replies are listed 'Best First'.
Re: -T taint mode & chdir by Juerd (Abbot) on Jan 02, 2002 at 00:42 UTC
`s///` does not untaint. `#!/usr/local/bin/perl -Tw sub is_tainted { no warnings; no strict; return ! eval { join('',@_), kill 0; 1; }; }` [download] `# is_tainted() was taken from perlfaq7` `use strict; my $site = <>; chomp $site; print is_tainted($site) ? "Tainted\n" : "Not tainted\n"; $site =~ s/[^-\@\w\/]//; print is_tainted($site) ? "Tainted\n" : "Not tainted\n"; my $dir = "$sites_root/$site"; print is_tainted($dir) ? "Tainted\n" : "Not tainted\n"; chdir($dir) __END__ Tainted Tainted Tainted Insecure dependency in chdir while running with -T switch at ./foo.pl +line 21, <> line 1.` [download] So, untaint `$sites` with an `m//` and `$1`, according to perlsec: `my $validchars = 'A-Za-z0-9_.-'; if ( $site =~ /^([$validchars]+)$/o ) { $site = $1; }else{ warn "Invalid site: $site\n"; next; }` [download] `2;0 juerd@ouranos:~$ perl -e'undef christmas' Segmentation fault 2;139 juerd@ouranos:~$` [download]	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re: -T taint mode & chdir
by Juerd (Abbot) on Jan 02, 2002 at 00:42 UTC

s///

#!/usr/local/bin/perl -Tw

sub is_tainted {
    no warnings;
    no strict;
    return ! eval { join('',@_), kill 0; 1; };
}
[download]

# is_tainted() was taken from perlfaq7

use strict;

my $site = <>;
chomp $site;
print is_tainted($site) ? "Tainted\n" : "Not tainted\n";

$site =~ s/[^-\@\w\/]//;
print is_tainted($site) ? "Tainted\n" : "Not tainted\n";

my $dir = "$sites_root/$site";
print is_tainted($dir)  ? "Tainted\n" : "Not tainted\n";

chdir($dir)
__END__
Tainted
Tainted
Tainted
Insecure dependency in chdir while running with -T switch at ./foo.pl 
+line 21, <> line 1.
[download]

$sites

m//

$1

perlsec

my $validchars = 'A-Za-z0-9_.-';
if ( $site =~ /^([$validchars]+)$/o ) {
    $site = $1;
}else{
    warn "Invalid site: $site\n";
    next;
}
[download]

2;0 juerd@ouranos:~$ perl -e'undef christmas'
Segmentation fault
2;139 juerd@ouranos:~$
[download]

[reply]
[d/l]
[select]