in reply to Taint problem opening file to write

Your $file_out is still tainted. You need to re-assign $file_out from a sub-pattern match.

From perlsec: "The only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern."

So you need to do something like this (modified from perlsec):

    if ($file_out =~ /^([-\@\w.]+)$/) {
        $file_out = $1;                 # $file_out now untainted
    } else {
        die "Bad data in $file_out";    # log this somewhere
    }

-derby

Re: Re: Taint problem opening file to write
by fireartist (Chaplain) on Apr 30, 2002 at 12:54 UTC
    Thanks,
    I've changed the part that read
    unless ($file_in =~ /^[\w][\w\._-]*$/) {
        print "Insecure file_in\n";
        exit;
    }
    to ...
    if ($file_out =~ /^([\w][\w\._-]*)$/) {
        $file_out = $1;
    } else {
        print "Insecure file_out\n";
        exit;
    }
    And I also fixed the regexp that checked for double dots, from /^\.{2,}$/ to... /\.\./
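The following is an added example, not code from derby's or fireartist's posts. It puts both points of the thread into one runnable script: untainting a file name by assigning from a captured sub-pattern (derby's reply, using fireartist's stricter pattern) and rejecting ".." anywhere in the name (fireartist's corrected regexp). The helper name untaint_filename, the constructed default name and the constructed list of test strings are all assumptions introduced here; Scalar::Util's tainted() is used to show the taint flag before and after.

```perl
#!/usr/bin/perl -T
# Added example (not from the original thread). Run with:  perl -T untaint_demo.pl [name]
use strict;
use warnings;
use Scalar::Util qw(tainted);

# untaint_filename (hypothetical helper): returns the untainted name, or undef
# when the input contains ".." or does not match the whitelist pattern.
sub untaint_filename {
    my ($name) = @_;
    return undef unless defined $name;

    # fireartist's corrected check: ".." anywhere in the name is rejected,
    # not only a name made entirely of dots (/^\.{2,}$/ would miss "a..b").
    return undef if $name =~ /\.\./;

    # Only the captured sub-pattern $1 is untainted; $name itself stays tainted.
    # Leading character must be \w, so "-rf" and "/etc/passwd" never match.
    if ($name =~ /^([\w][\w\._-]*)$/) {
        return $1;
    }
    return undef;
}

# Constructed test strings showing what the whitelist accepts and rejects.
for my $n ('report.txt', 'a..b', '../etc/passwd', '-rf', 'dir/file') {
    my $r = untaint_filename($n);
    printf "%-16s => %s\n", $n, defined $r ? "ok ($r)" : "rejected";
}

# Under -T, @ARGV is tainted, so a name given on the command line carries a
# real taint flag; the constructed default 'report.txt' does not.
my $candidate = @ARGV ? $ARGV[0] : 'report.txt';
print "tainted before: ", (tainted($candidate) ? "yes" : "no"), "\n";

my $clean = untaint_filename($candidate);
if (!defined $clean) {
    print "Insecure file name: $candidate\n";
    exit 1;
}
print "tainted after:  ", (tainted($clean) ? "yes" : "no"), "\n";

# Opening for write with the tainted $candidate would die with
# "Insecure dependency in open"; $clean is safe to use here.
open my $fh, '>', $clean or die "Cannot open $clean: $!";
print $fh "ok\n";
close $fh;
```

Run it as "perl -T untaint_demo.pl a..b" and "perl -T untaint_demo.pl report.txt" to see the rejection path and the untainted write; the -T switch must be given on the command line as well as in the shebang, otherwise perl stops with "Too late for -T". The table printed by the test loop shows that fireartist's pattern, unlike the perlsec pattern /^([-\@\w.]+)$/, also refuses names that begin with "-".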