in reply to Insecure dependency in system under -T, with list form invocation

my ($owner) = grep s%^.*/(.*)$%$1%,
  $ct->argv(qw(des -fmt "%[owner]p"), "vob:$vob")->qx;

# snip

system('/usr/bin/ssh', '-l', $owner, $host, $binct, @op, @lbtype);

[download]

You're passing user input ($owner) directly into system() which is bad. See perldoc perlsec about Laundering-and-Detecting-Tainted-Data. You may also need to clean up %ENV as well.

Update: Sorry, I thought the culprit was $owner but your regex should clean that one. In any case, I suspect that you've got an arg that's tainted. You can easily test a variable for taintedness with tainted EXPR in Scalar::Util

Replies are listed 'Best First'.
Re^2: Insecure dependency in system under -T, with list form invocation
by cramdorgi (Acolyte) on Sep 10, 2008 at 19:30 UTC
    Thanks for the links.
    I get the point... Yes the @op may contain spaces and parentheses... I'll read in detail what to do to retain them. I have cleaned up only $ENV{PATH}... Anything else there that must be looked at?

    Marc

[reply]
      Anything which gets its data from outside the program, whether it's in the environment, on the command line, or through system calls needs to be cleaned before it's used to make a system call.
[reply]

In Section Seekers of Perl Wisdom