Re^3: Inline.pm and untainting

I'm surprised that env_untaint was written that way. 0022 as a umask is 755 permission wise which gives the idea that r and x for group members and everyone else actually works for Windows in a Linux/UNIX way.

Reading stat under perlfunc years ago led me to believe that only a handful of the 13 elements actually worked under Windows. Looking at it now hints that there maybe some cause for doubt - "Not all fields are supported on all filesystem types".

The concept of group and everyone for Windows does work under domains but not directories, which is why stat returns 0777 even on readonly.

Shortcoming of stat - I'd say so, but it's not actually since we're given warning. To get directories that you can't write to I'd use Win32::File so

and not ((stat($_))[2] & 0022)

becomes

and ( $attr & READONLY )

I was going to go through the bitwise & permissions that would yield 0 with 0022, but I actually came on PM to look for something else and now it's home time :p

Just in

P.S. your box is fine

Comment on Re^3: Inline.pm and untainting Select or Download Code

Replies are listed 'Best First'.
Re^4: Inline.pm and untainting by syphilis (Archbishop) on Jul 30, 2009 at 09:43 UTC
and ( $attr & READONLY ) That doesn't seem to do quite the same thing. GetAttributes() tells me that neither C:/Windows/System32 nor many of the files in it are READONLY. Yet, I can't write to that directory, or to any of the files in it. Cheers, Rob	[reply]
Re^5: Inline.pm and untainting by afoken (Chancellor) on Jul 30, 2009 at 16:58 UTC
GetAttributes() (from Win32::File) returns the file attributes that were invented around 1980 for MS-DOS, namely ARCHIVE, DIRECTORY, HIDDEN, READONLY, and SYSTEM, plus three new using the remaining bits of a byte, invented somewhere around Windows 98 or NT 4.0: OFFLINE, COMPRESSED, and TEMPORARY. Again, these attributes do not have any relation to the ACLs. Win32::Security::ACL should be able to access the ACLs and to tell you why you can't write to the directory. Alexander -- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)	[reply]
Re^6: Inline.pm and untainting by syphilis (Archbishop) on Jul 31, 2009 at 11:00 UTC
Thanks for that. A CPAN search for Win32::Security::ACL also turned up Win32::FileSecurity. I haven't yet got into the finer details of comparing them. Cheers, Rob	[reply]