gayathriAthreya has asked for the wisdom of the Perl Monks concerning the following question:

Hey, quick question. I am writing some code with taint switched on. And I have a use lib statement and a use statement right after the use lib. However, my code is unable to find the module though @INC has the required path. This code works without taint, any pointers?

Replies are listed 'Best First'.
Re: Taint problems
by zentara (Cardinal) on Dec 02, 2008 at 18:24 UTC
[reply]
[d/l]
      Great thanks!!! I just realized my path had problems :)
[reply]
      This obviously works but may reduce portability. If you need to run on various machines so cannot rely on the absolute paths but you can rely on the relative paths, then you can do something like: 
      #!/usr/bin/perl -wT

# amend @INC without taint
use FindBin;
my $path = $FindBin::RealBin;
$path =~ /^(.+)$/;
$path = $1;
my $relative_path = ??????????
unshift @INC, "$path/$relative_path";

      [download]
[reply]
[d/l]

        You can't trust $0. The code you provided makes code injection possible.

        • Create a symlink to the script.
        • Place the code to inject in a module in a path relative to the symlink.
        • Replace the symlink with a plain file after Perl opens the script but before FindBin has a chance to resolve the link.

        If you're writing a server where your attackers are remote, this isn't a problem. If you're writing a setuid script, this is a problem.

        Proof of concept follows.

        Read more... (2 kB)
[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom