in reply to Getting To Grips With Taint - And Picking Up Files

It seems to work fine, but I would like to implement Tainting on this script, and it doesn't seem to work.

What does this mean? Is there an error generated? Without any more info, I'll just shoot in the dark and guess that it says that you have an insecure PATH. To fix that, just add this line to the beginning of the program:

$ENV{PATH}='/bin:/usr/bin'; # wherever your ls exec lives

If that's not the problem, share the error message with us, and we'll probably be able to help. You can also try looking up the error in perldiag.

-- Dan

Replies are listed 'Best First'.
Re: Re: Getting To Grips With Taint - And Picking Up Files
by Anonymous Monk on Sep 30, 2002 at 16:28 UTC
    That's fixed it. Cheers. Is the method I am using OK? I'm just wondering if there is a better, more solid way of doing this? I am trying to keep clear of adding Perl modules as my sysadmin doesn't allow it, but I think we are on Perl 5.6.something so I am not sure what modules are included with that release. Thanks
Re: Re: Getting To Grips With Taint - And Picking Up Files
by Anonymous Monk on Sep 30, 2002 at 16:06 UTC
    I just added what you suggested and now I get
    Insecure $ENV{BASH_ENV} while running with -T switch at ./add

      Ok, that helps - try setting $ENV{BASH_ENV} then to the same path, or just to an empty string, and use the full path to ls:

      $ENV{BASH_ENV} = '';
      my @files = `/bin/ls`;

      -- Dan

        That's fixed it. Cheers

        Is the method I am using OK? I'm just wondering if there is a better, more solid way of doing this?

        I am trying to keep clear of adding Perl modules as my sysadmin doesn't allow it, but I think we are on Perl 5.6.something so I am not sure what modules are included with that release.

        Thanks
        Just one last question (if anybody is still reading this node). Taint complains about using

        unlink $file;

        What are the alternatives to that?
        Insecure dependency in unlink while running with -T switch at ./addvirtuser.pl
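
The points raised in this thread (a fixed PATH, a cleared BASH_ENV, listing files, and unlink under -T) gathered into one script, as an added example that is not part of the original posts. It uses only core Perl; the directory `/var/spool/example`, the helper name `untaint_name` and the filename pattern are assumptions, not details from the poster's script.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. The directory, the helper name
# and the filename pattern are assumptions; adjust them to your own script.
use strict;
use warnings;

# Taint mode refuses to run external commands while these are inherited
# from the caller, so fix PATH and drop the shell start-up variables.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $dir = '/var/spool/example';    # hypothetical working directory

# Return an untainted copy of a file name, or undef if it does not match
# the allow-list. Taint is cleared by taking a regex capture ($1).
sub untaint_name {
    my ($name) = @_;
    return unless defined $name;
    # \A and \z anchor the whole string; the pattern allows no '/', and no
    # leading '.' or '-', so the name cannot leave $dir or look like an option.
    return $1 if $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/;
    return;
}

# readdir is built in and needs no shell, unlike `ls`.
# Names returned by readdir are tainted as well.
opendir(my $dh, $dir) or die "Cannot open $dir: $!";
my @names = grep { $_ ne '.' && $_ ne '..' } readdir($dh);
closedir($dh);

for my $name (@names) {
    my $clean = untaint_name($name);
    unless (defined $clean) {
        warn "Skipping a name that does not match the allow-list\n";
        next;
    }
    my $path = "$dir/$clean";
    next unless -f $path;          # plain files only
    # $path is built from a literal and a capture, so unlink accepts it.
    unlink($path) or warn "Cannot unlink $path: $!";
}
```

Passing `$name` straight to unlink reproduces the "Insecure dependency in unlink" message quoted above; a pattern as loose as `(.*)` would silence it without validating anything.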