Re^3: Insecure dependency in system under -T, with list form invocation

You should read the docs on taint mode more carefully.

The part you need is this:

# allow alphanumerics, period, hyphen, ampersand
if ($data =~ /^([-\@\w.]+)$/) { # $data is tainted
    $data = $1;                 # $data now untainted
} else {
  die "Bad data in '$data'";    # log this somewhere
}
[download]

The regex alone will NOT untaint the data - you must copy it through a capture variable, like $1, to untaint it.

Comment on Re^3: Insecure dependency in system under -T, with list form invocation Download Code

Replies are listed 'Best First'.
Re^4: Insecure dependency in system under -T, with list form invocation by cramdorgi (Acolyte) on Sep 11, 2008 at 14:25 UTC
Thanks. I did in the meanwhile, and succeeded in untainting my `$owner` piece of data. But I still get the error... Marc	[reply] [d/l]
Re^5: Insecure dependency in system under -T, with list form invocation by mr_mischief (Monsignor) on Sep 11, 2008 at 16:00 UTC
You need to understand what this code does: `#!/usr/local/bin/perl -T use warnings; use strict; use Scalar::Util qw( tainted ); print "ARGV: " . ( tainted( @ARGV ) + 0 ) . "\n"; print "ARGV[0]: " . ( tainted( $ARGV[0] ) + 0 ) . "\n" if defined $ARG +V[0];` [download] When run as `./program foo` you get this: `ARGV: 0 ARGV[0]: 1` [download] Taintedness is a property of a scalar. An array is not tainted, but the scalar elements of it are. You need to untaint the elements of your arrays that are being passed as arguments.	[reply] [d/l] [select]
Re^6: Insecure dependency in system under -T, with list form invocation by cramdorgi (Acolyte) on Sep 12, 2008 at 08:24 UTC
Thanks, I got this indeed by myself in the meanwhile. I would object that the tainted function could easily avoid giving misleading information to naive users... But no problem: it is useful as it is. Now wouldn't something like the following be of value? sub untaint($) { my $tainted = shift; my @untaintedbits; foreach (split //, $tainted) { if (m%([-\@\w.])%) { push @untaintedbits, $1; } } return join '', @untaintedbits; } sub untaintunixpath($) { my $tainted = shift; my @dirs = split '/', $tainted; map { $_ = untaint($_) } @dirs; return join '/', @dirs; } sub untaintstring($) { my $tainted = shift; my @words = split /\s+/, $tainted; map { $_ = untaint($_) } @words; return join ' ', @words; } my $res = GetOptions("help" => \$help, "unlock" => \$unlock, "vob=s" = +> \$vob, "nusers=s" => \@nusers, "lbtype=s" => \@lbtype); usage if $help or !($res and $vob and @lbtype) or ($unlock and @nusers +); @lbtype = split(/,/, join(',', @lbtype)); map { $_ = untaint($_) } @lbtype; $vob = untaintunixpath($vob); $vob = $ct->argv(qw(des -s), "vob:$vob")->qx; die "Couldn't find the vob $vob\n" unless $vob; $vob = untaintunixpath($vob); my $pwnam = (getpwuid($<))[6]; $pwnam =~ s/^ (.[^ ]) *$/$1/; $pwnam = untaintstring($pwnam); [download] etc... Marc	[reply] [d/l]
Re^7: Insecure dependency in system under -T, with list form invocation by mr_mischief (Monsignor) on Sep 12, 2008 at 15:01 UTC