in reply to inconsistency in untaint

Must be something different. I guess the variable you pass to rmtree is tainted.
This works fine on my box (perl 5.8.8, Linux):
#!/usr/bin/perl -T
# file rmtree.pl
use File::Path;
my $dir = 'path';
rmtree($dir);

called as

qwurx [shmem] ~> mkdir -p path/to/some/file
qwurx [shmem] ~> perl -T rmtree.pl

and removes the path directory without complaint, as does

#!/usr/bin/perl -T
# file rmtree.pl
use File::Path;
my $dir = shift;
$dir =~ /^(.*)$/ && ($dir = $1);
rmtree($dir);

called as

qwurx [shmem] ~> mkdir -p path/to/some/file
qwurx [shmem] ~> perl -T rmtree.pl path

while this barfs

#!/usr/bin/perl -T
# file rmtree.pl
use File::Path;
my $dir = shift;
# $dir =~ /^(.*)$/ && ($dir = $1);
rmtree($dir);

as it should:

qwurx [shmem] ~> mkdir -p path/to/some/file
qwurx [shmem] ~> perl -T rmtree.pl path
Insecure dependency in chdir while running with -T switch at /usr/lib/perl5/5.8.8/File/Path.pm line 195.

Mind to post some code?

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Re^2: inconsistency in untaint
by ruzam (Curate) on Aug 30, 2006 at 17:52 UTC
    Also note the error message. You got 'while running with -T switch' which indicates the tainted data, whereas I'm getting 'while running setuid' which (I believe) indicates something more than standard untaint procedures.
      Oh, I overlooked that.

      The setuid bit doesn't matter on my system, same result with or without. AFAIK the only difference is that setuid forces the taint flag to be set, otherwise you must set it explicitly.

      What system are you running perl on?

      Tried with a C wrapper around your script as described in perlsec?

      --shmem

        System: Mandriva 2006

        I've had issues with suid scripts before. The application is openwebmail (which I've also added code to in the past). With the exception of File::Path, I've not needed to resort to C wrappers yet. I can patch File::Path for my own use, but I can't offer that back to the general public as a solution for others. It may be something in the compile flags Mandriva uses for Perl, or maybe even a Perl bug I don't know.

        Still hoping for some kind of flag I can set before calling rmtree() to sort it out.
Re^2: inconsistency in untaint
by ruzam (Curate) on Aug 30, 2006 at 17:45 UTC
    Perl 5.8.7
    Does the script you're testing with have the suid bit set? I don't think it's strictly a taint problem. Initially I also thought it was an issue with passing tainted input so I put debug warnings in rmtree(). The first path value (passed in from the application) was taint free through the first chdir call. The subsequent recursive calls to sub directories as found and sanitized by File::Path then died.

    I noticed that File::Find also had issues like this and they've added an untaint flag to the interface. The File::Find code swaps between two variables (which File::Path doesn't) when untainting and doesn't appear to suffer from the bug as a result.
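
An added example, not code from the thread or from File::Path: a recursive delete that untaints each readdir() result against an allow-list before it reaches unlink/rmdir, which is the step the posts above say fails on sub directories even when the top-level path is clean. The names untaint_name, remove_tree_checked and taint_demo, and the allow-list pattern itself, are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread or from File::Path.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Validate one directory entry and return an untainted copy, or die.
# Allow-list policy is an assumption: letters, digits, '.', '_' and '-'.
sub untaint_name {
    my ($name) = @_;
    $name =~ /\A([A-Za-z0-9._-]+)\z/ or die "unsafe entry name: $name\n";
    return $1;    # a capture from a successful match is untainted
}

# Remove a tree. The caller is responsible for untainting $dir itself.
sub remove_tree_checked {
    my ($dir) = @_;
    die "tainted path: refusing to remove\n" if tainted($dir);
    opendir(my $dh, $dir) or die "opendir $dir: $!\n";
    my @entries = readdir($dh);    # every element is tainted under -T
    closedir($dh);
    for my $entry (@entries) {
        next if $entry eq '.' || $entry eq '..';
        my $path = "$dir/" . untaint_name($entry);
        if ((-d $path) && !(-l $path)) {    # recurse into real directories only
            remove_tree_checked($path);
        }
        else {
            unlink($path) or die "unlink $path: $!\n";
        }
    }
    rmdir($dir) or die "rmdir $dir: $!\n";
    return 1;
}

# Constructed sample tree built from literal, untainted names.
my $root = 'taint_demo';
mkdir($root)       or die "mkdir $root: $!\n";
mkdir("$root/sub") or die "mkdir $root/sub: $!\n";
open(my $fh, '>', "$root/sub/file.txt") or die "open: $!\n";
close($fh);

remove_tree_checked($root);
print((-e $root) ? "still present\n" : "removed $root\n");
```

Run it as `perl -T script.pl` from a scratch directory; without -T, tainted() always returns false and the checks are never exercised.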