in reply to Re: Insecure dependency in piped open
in thread Insecure dependency in piped open

thanks pc88mxer, for your comments. your right that the $host is tainted and i've fixed the issue. whats more,

my $fh = new IO::File "$NSLOOKUP -type=any $host 2>&1 |";

is same as

open(my $fh, "-|", $NSLOOKUP, "-type=any", $host)
however only difference from the two is that yours is more optimised than mine. so i've decided to use yours.

if your have more ideas of improvement or security issues please let me know.

many thanks

Replies are listed 'Best First'.
Re^3: Insecure dependency in piped open
by sgifford (Prior) on Jun 29, 2008 at 19:37 UTC
    Actually those two are subtly different. One of them has a single string, and Perl will hand that string to the shell to parse. If $host contains any special shell characters, the shell will interpret them; for example if $host was set to: 
    www.google.com; rm /path/to/your/script

    [download]
    the shell will see something like: 
    /bin/nslookup -type=any www.google.com; rm /path/to/your/script 2>&1 |
+";

    [download]
    and will go ahead and try to remove your script, if it has permission. That is why Perl won't let you do it with taint mode on.

    The multi-argument piped open doesn't send anything to the shell, and so avoids this problem.

    There is also a difference in where standard error goes. In the first example it will be read from the pipe; in the second it will go to the original program's standard error, perhaps to a Web server error log.

    Finally, for this particular purpose, there is probably a module available on CPAN (like Net::DNS) that will do the work without using an external program at all.

    Good luck!


    --
    sgifford's Web page
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom