Laundering tainted 'eval'

bodhidharma has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: Laundering tainted 'eval' by samtregar (Abbot) on May 10, 2002 at 17:08 UTC
You might consider using Storable instead of Data::Dumper. Storable doesn't require you to eval() to restore your saved data and it's faster. -sam	[reply]
Re: Laundering tainted 'eval' by dsheroh (Monsignor) on May 10, 2002 at 16:31 UTC
Taint won't let you feed data from a filehandle directly into an `eval` because that filehandle could feed you anything, including something terribly destructive. You have to read the file contents into a scalar and untaint it before it can be `eval`ed, like so: `#!/usr/bin/perl -wT use strict; open (DATA, "<foo.txt") \|\| die; while (my $dataline = <DATA>) { $dataline =~ /(print '[^']*';)/ \|\| next; eval $1; print "\n"; }` [download]	[reply] [d/l] [select]
Re: Laundering tainted 'eval' by Mr. Muskrat (Canon) on May 10, 2002 at 17:06 UTC
Why read the file and eval when you can do it? `do $usrhash or die "Can't recreate user hash: $! $@"; my %newhash=%$USRLST1;` [download] The Camel 3 taught me that. Now if I could just remember everything else in there I'd be a great perl programmer. Update: Witty reply replaces boring 'Try this:', Mr. Muskrat 2002-05-10 1423 (GMT -0600) Who says that programmers can't work in the Marketing Department? Or is that who says that Marketing people can't program?	[reply] [d/l]
Re: Re: Laundering tainted 'eval' by ariels (Curate) on May 11, 2002 at 09:21 UTC
But <samp>do EXPR</samp> is an eval! The docs say: `do 'stat.pl';` [download] is just like scalar eval `cat stat.pl`; [download] ... It goes on to list some differences. The point about taint mode is not letting your program execute (some, not all!) potentially dangerous operations. Replacing an eval with do doesn't do that...	[reply] [d/l] [select]
Re: Re: Re: Laundering tainted 'eval' by Mr. Muskrat (Canon) on May 12, 2002 at 21:23 UTC
I never said it wasn't... only why read the file and eval when you can just do it. You save programming time, it's less lines of code, yadda yadda and it just sounds cooler. Who says that programmers can't work in the Marketing Department? Or is that who says that Marketing people can't program?	[reply]
Re: Laundering tainted 'eval' by simonm (Vicar) on May 10, 2002 at 23:22 UTC
Untaint your input string and eval it inside a Safe partition: `$code = <USRHASH>; # Blindly untaint ( $code ) = ( $code =~ m/(.*)/s ); # Safe eval require Safe; $USRLST1 = Safe->new->reval( $code );` [download] The regex removes the taint from $code, and the Safe->new->reval() ensures that the code can only construct a value and return it, without being able to do file I/O, mess with your internal variables, etc. See Safe for more details.	[reply] [d/l]
Re: Laundering tainted 'eval' by Zaxo (Archbishop) on May 10, 2002 at 16:49 UTC
Taint mode also dislikes relative file paths since they depend on the PWD environment variable. Use absolute paths. Update: Not quite right about PWD, that's not used for relative paths (++ariels), nevertheless absolute paths are worth using for security's sake. After Compline, Zaxo	[reply]
Re: Laundering tainted 'eval' by jehuni (Pilgrim) on May 12, 2002 at 17:56 UTC
You can also try the untaint method of IO::File: `use IO::File; my $fh = new IO::File; $fh->open("<$usrhash") or die ......; $fh->untaint(); flock($fh, LOCK_SH) or die..........; $/=undef; eval <$fh>; $fh->close(); $/="\n"; my %newhash=%$USRLST1; # the reference as created by Data::Dumper` [download] Of course, this bypasses the protection that taint mode offers, so it should only be used with great care. -jehuni	[reply] [d/l]