in reply to Re^2: Insecure dependency in open while running with -T switch
in thread Insecure dependency in open while running with -T switch

Actually I have one more question. My file is a path to file like /yyy/xxx/file.txt
Symbol "/" or "\" is always tainted as far as I understand. Untainting just file.txt is not enough.
So what to do?

Re^4: Insecure dependency in open while running with -T switch
by runrig (Abbot) on Jan 19, 2008 at 00:23 UTC
    Symbol "/" or "\" is always tainted as far as I understand.
    You understand incorrectly. "/" and "\" are fine if that is what you allow in your regular expression to untaint the data.
      So I now additionally allowed \\, \/ and \s, which I need to pass files and parameters into my internal Perl script, and my CGI started working with -T:

      sub untainted_string {
          my ($data) = @_;
          if ($data =~ /^([-\@\w.\\\/\s]+)$/) {
              $data = $1;    # $data now untainted
          } else {
              die "Bad data in '$data'";
          }
          return $data;
      }

      So where might I be in danger now? Why does -T make my CGI safer?
        It used to be more of a problem before 3-arg open (and you are only using two args, so it is a problem). When you include "|" as the first or last character of a "file name", perl interprets the "file" as a command to run. That's why -T makes your program safer. Even though you could allow "|" in your file name, it forces you to think about such things.
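A worked version of the advice in this thread, as an added example rather than code posted by any participant: the untaint regex allows only the path shape we intend (absolute, slash-separated components of word characters, dots and dashes), refuses ".." components, and the file is opened with the three-argument form of open so the name can never be read as a pipe command. The script name, function names and the candidate paths are constructed for the example.

```perl
#!/usr/bin/perl -T
# Added example, not code from this thread. Run as: perl -T untaint_demo.pl
use strict;
use warnings;

# Untaint a path by matching only what we intend to allow: an absolute
# path whose components contain word characters, dots and dashes.
# "|", "<", ">", whitespace and ".." components are rejected outright,
# so even a two-argument open() could not be steered into running a command.
sub untaint_path {
    my ($data) = @_;
    my ($clean) = $data =~ m{^(/(?:[-\w.]+/)*[-\w.]+)$}
        or die "Bad path '$data'\n";
    # The capture group result is untainted; still refuse directory traversal.
    die "Traversal in '$data'\n" if $clean =~ m{(?:^|/)\.\.(?:/|$)};
    return $clean;
}

# Three-argument open: the mode is explicit, so the name is only ever a
# file name (a leading or trailing "|" would just be part of a file name
# that does not exist, never a command).
sub read_file {
    my ($path) = @_;
    my $clean = untaint_path($path);
    open my $fh, '<', $clean or die "Cannot open '$clean': $!\n";
    local $/;               # slurp mode
    my $contents = <$fh>;
    close $fh;
    return $contents;
}

# Constructed inputs standing in for CGI parameters.
for my $candidate ('/yyy/xxx/file.txt', 'ls |', '/yyy/../etc/passwd',
                   '/yyy/xxx/file name.txt') {
    my $clean = eval { untaint_path($candidate) };
    print defined $clean ? "accepted: $clean\n" : "rejected: $@";
}
```

The loop only exercises untaint_path, so it runs without any of the files existing; read_file is the shape a CGI would call once the path is clean. Compared with the regex in the thread, this one drops \s and the backslash, which keeps the accepted set small enough to reason about; widen it deliberately, per character class, if a real deployment needs more.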