in reply to Security problem in SOAP::Lite

This also includes XMLRPC::Lite, unfortunately. And I believe that the way in which the Frontier::RPC2 module handles marshalling on the server side is roughly the same, making it vulnerable as well.

I believe that the server classes of my RPC::XML package are safe, as I don't open up things by package name-space, routines have to be explicitly "added" to a server object before it will serve requests to them. But I can't be 100% certain, of course, and will be checking and testing over the next few days.

--rjray

UPDATE: I was wrong about Frontier, it seems. I thought I had seen a syntax in either an example or somewhere else, in which it just gave a namespace to specify a group of available RPC routines. But I can't find that, now. I may well have just hallucinated the whole episode.

Replies are listed 'Best First'.
Re: Re: Security problem in SOAP::Lite
by larryk (Friar) on Apr 09, 2002 at 15:21 UTC
    Frontier::RPC2 is not vulnerable as the server must be initialised with named functions/subrefs: 
    # from perldoc Frontier::Daemon
SYNOPSIS
    
    use Frontier::Daemon;
    
    Frontier::Daemon->new(methods => {
        'rpcName' => \&sub_name,
           ...
        });

    [download]
    which are executed after the following check: 
    # from Frontier::RPC2
my $method = $call->{'method_name'};
if (!defined $methods->{$method}) {
    return $self->encode_fault(3, "no such method \`$method'\n");
}

    [download]
       larryk                                          
perl -le "s,,reverse killer,e,y,rifle,lycra,,print"
[reply]
[d/l]
[select]

In Section Meditations