in reply to Taint bug with backticks in variable assignments

It has nothing to do with the variables. It's that you're forking twice in the same statement (at least that's my guess). Try these:

    #!/usr/bin/perl -T
    use strict;
    use warnings;
    $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
    $ENV{ENV} = '';
    # both backtick calls sit in one list expression
    my ($a,$b) = (`mktemp /tmp/temp.XXXXXX`, `mktemp /tmp/temp.XXXXXX`);
    my $temp_fails = [ $a, $b ];
    __END__
    Insecure dependency in `` while running with -T switch at ./foo line 9.

    #!/usr/bin/perl -T
    use strict;
    use warnings;
    $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
    $ENV{ENV} = '';
    # one backtick call per statement
    my $a = `mktemp /tmp/temp.XXXXXX`;
    my $b = `mktemp /tmp/temp.XXXXXX`;
    my $temp_fails = [ $a, $b ];
    __END__

The latter works just fine.

Re: Taint bug with backticks in variable assignments
by Abigail-II (Bishop) on Nov 19, 2003 at 15:48 UTC
    Not the forking:
        $ perl -Tlwe '$ENV {PATH} = "/usr/bin:/usr/local/bin:/bin"; fork && fork && `mktemp "/tmp/temp.XXXXXX"` && print "Success"'
        Success

    Abigail

Re: Re: Taint bug with backticks in variable assignments
by shotgunefx (Parson) on Nov 19, 2003 at 15:36 UTC
    Thanks
    I just hit that myself. I started down the variable path thinking it was $$, then trying any variables, then none.
    I still would consider this a bug though.

    -Lee

    "To be civilized is to deny one's nature."
      perldoc perlsec
      It would be inefficient for every operator to test every argument for taintedness. Instead, the slightly more efficient and conservative approach is used that if any tainted value has been accessed within the same expression, the whole expression is considered tainted.
          #!/usr/bin/perl -T
          $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
          $ENV{ENV} = '';
          my $good = 'good';
          my $bad = `echo bad`;
          print($bad);
          print(`echo $good`);              # separate expressions
          print($bad), print(`echo $good`); # single list expression
        Maybe it's the way I'm reading that, but take the example below, I don't see how that applies. The second element isn't referencing anything that could be tainted.
            #!/usr/bin/perl -T
            $ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
            $ENV{ENV} = '';
            my $commands = [
                `mktemp /tmp/temp.XXXXXX`,
                `mktemp /tmp/temp.XXXXXX`,
            ];


        -Lee

        "To be civilized is to deny one's nature."
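The behaviour the thread circles around (the perlsec rule that one tainted value taints the whole expression, and the working two-statement form from the first reply) in a single runnable script; this is an added example, not code from any poster. It uses `echo` instead of `mktemp` so the output is predictable, the file name `taint_expr.pl` is hypothetical, and the File::Temp ending is the in-process alternative to shelling out for a temp file.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run it as:  perl -T taint_expr.pl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Standard taint-mode hygiene (perlsec): fixed PATH, dangerous vars removed.
$ENV{PATH} = '/usr/bin:/usr/local/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# 1. Two backtick calls in ONE list expression: the first call returns a
#    tainted string, so the second call runs inside an expression that has
#    already touched tainted data and dies with "Insecure dependency in ``".
my @both = eval { ( `echo first`, `echo second` ) };
print "one expression    : ", ($@ ? "died: $@" : "ok\n");

# 2. The same two calls as separate statements: each statement starts with
#    a clean taint flag, so both succeed.  Their RESULTS are still tainted.
my $first  = `echo first`;
my $second = `echo second`;
print "two statements    : ok\n";

# 3. Feeding a tainted result back into a command dies the same way ...
eval { my $x = `echo $first`; };
print "tainted argument  : ", ($@ ? "died: $@" : "ok\n");

# ... until it is untainted through a regex capture that only admits the
#     characters the program expects (here: a single word).
my ($clean) = $first =~ /\A(\w+)\s*\z/
    or die "unexpected output: $first";
chomp(my $again = `echo $clean`);
print "untainted argument: ok ($again)\n";

# 4. For the thread's actual goal (temporary files) there is no need to
#    shell out at all: File::Temp creates the file in-process, works under
#    -T, and has no gap between choosing the name and creating the file.
my ($fh, $name) = tempfile('temp.XXXXXX', DIR => '/tmp', UNLINK => 1);
print "File::Temp        : $name\n";
```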