Re^2: exec command taking ages

I am not sure if I need to use taint as this is an internal company webpage.

Also, the $identifier variable holds the directory that the user selected from a list on an intial webpage and the variable is passed to another .cgi script before finally being passed to this .cgi script so I am not sure how taint would help.

Paul McIlfatrick

Comment on Re^2: exec command taking ages

Replies are listed 'Best First'.
Re^3: exec command taking ages by Anonymous Monk on Nov 24, 2010 at 14:48 UTC
Also, the $identifier variable holds the directory that the user selected from a list on an intial webpage and the variable is passed to another .cgi script before finally being passed to this .cgi script so I am not sure how taint would help. Thats what you hope $identifier holds. The program does absolutely no checking to see what is in $identifier, and then merrily passes $identifier to the shell for execution, classic security hole.	[reply]

Replies are listed 'Best First'.

Re^3: exec command taking ages
by Anonymous Monk on Nov 24, 2010 at 14:48 UTC

Thats what you hope $identifier holds. The program does absolutely no checking to see what is in $identifier, and then merrily passes $identifier to the shell for execution, classic security hole.

[reply]