Insecure Dependency Message

wheakory has asked for the wisdom of the Perl Monks concerning the following question:

I have a C wrapper script that's setuid root that calls a perl script I need to allow several users to run this script as setuid root. Within the perl script I receive this error.

Insecure Dependency in `` while running with -T switch at /opt/bin/reset_primehours.line 50

Which is a system grep command to this path directory /var/admin/bin" line 50 <STDIN> chunk 1.

I am basically greping a user out of this file.

I can't go any farther in the perl script after the Insecure Dependency message pops up. I tried it without the -T switch set and it basically comes up with the same error message.

Any work around or solution. Heres the code it stops on:

$is_user_there = `grep ^$username= /var/admin/bin/primemaster_tmp`;

Edited my mirod: added tags

Comment on Insecure Dependency Message Select or Download Code

Replies are listed 'Best First'.
Re: Insecure Dependency Message by Desdinova (Friar) on Mar 07, 2001 at 04:06 UTC
Form the tiny snippet you put i can oly guess that the value for $username comes from outside the script and you are not untainting it before passing it to the shell. As for the error showing up without the -T, IIRC perl automaticlly turns on taint mode when the script is suid. DO a search on perlsec for more info	[reply]
Re: Re: Insecure Dependency Message by wheakory (Initiate) on Mar 07, 2001 at 04:40 UTC
I already fixed the problem. I forgot to untaint the value outside the script, exactly the information you gave above. Thank you for your reponse though.	[reply]