in reply to SUID-Taint-Problem?!

I'm guessing one of the following variables my ($type, $host, $user, $pw) is making it to a system call. To use them, you will need to untaint them using a regex and capturing parentheses.
$type = $1 if $type =~ /^(ftp|ping)$/; # others follow


-Lee

"To be civilized is to deny one's nature."
Update: Fixed error. Thanks for the dope slap crazyinsomniac :P

Re: Re: SUID-Taint-Problem?!
by kodo (Hermit) on Apr 24, 2002 at 16:02 UTC
    Okay thanks all, the problem is solved now. The error was that I didn't untaint $host, I got ($host) = $host =~ /^(.*)$/; now and everything works fine.


Re: Re: SUID-Taint-Problem?!
by kodo (Hermit) on Apr 24, 2002 at 11:38 UTC
    Hi Shotgunefx,
    Tried it, but it didn't help. Also, I know what's in the servers-file -> what could do a syscall, and there's nothing like that in it.
    I really don't understand the reason for this one...trying for hours now :(

    thanks anyway,

    giant
      Did you untaint the other variables I mentioned? If so, try using hard coded values in there and see what happens.

      Also, on *NIX boxes, I believe that usually only root can use ICMP.

      You should also set the $ENV{PATH} as I mentioned in the chatterbox.

      -Lee

      "To be civilized is to deny one's nature."
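
The untainting steps discussed in this thread, as an added example that is not part of any post above: $ENV{PATH} is set first, then each of $type, $host, $user and $pw is matched against its own allowlist pattern and replaced by the capture. The colon-separated record format, the patterns and the sample records are assumptions; run it with perl -T.

```perl
#!/usr/bin/perl -T
# Added example (not code from the thread). Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output in order with the child's output

# Taint mode refuses to run commands until the script sets PATH itself.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# One allowlist pattern per field, each with a single capture group.
# The patterns are assumptions; tighten them to what your servers file holds.
my %allow = (
    type => qr/\A(ftp|ping)\z/,
    host => qr/\A([A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?)\z/,
    user => qr/\A([A-Za-z0-9_.-]{1,32})\z/,
    pw   => qr/\A([\x21-\x39\x3b-\x7e]{1,64})\z/,    # printable ASCII, no ':'
);

# Return the captured, untainted copy of $value, or undef if it does not match.
sub untaint {
    my ($field, $value) = @_;
    return undef unless defined $value && exists $allow{$field};
    return $value =~ $allow{$field} ? $1 : undef;
}

my @fields = qw(type host user pw);
while (my $line = <DATA>) {    # file input is tainted under -T
    chomp $line;
    my %raw;
    @raw{@fields} = split /:/, $line, 4;
    my %clean = map { $_ => untaint($_, $raw{$_}) } @fields;
    if (my @bad = grep { !defined $clean{$_} } @fields) {
        warn "line $.: rejected field(s): @bad\n";
        next;
    }
    printf "line %d: host tainted before=%d after=%d\n",
        $., (tainted($raw{host}) ? 1 : 0), (tainted($clean{host}) ? 1 : 0);
    # List-form system() bypasses the shell; a tainted argument would die here.
    system('echo', 'would check', $clean{type}, $clean{host}) == 0
        or warn "echo failed: $?\n";
}

# Constructed sample records below (assumed format type:host:user:pw).
__DATA__
ping:server1.example.com:monitor:s3cret
ftp:files.example.com;id:monitor:s3cret
telnet:server2.example.com:monitor:s3cret
```

Only the first record passes; the second is rejected on host and the third on type, so neither reaches system().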