Re: Re: Re: (ichimunki) Re x3 : disable taint for just one sub

You're not looking at it from the point of view of taint checking. Taint-checking is telling you that one of the 2 arguments to bind (probably the second) is "insecure".

Looking at the source of Net::Printer, I now see the problem: Line 534 of Printer.pm is our old friend

    if (!(bind($sh, $this))) {
    return "Printer: Error: Cannot bind socket: $!\n";
    } # if !bind($sh, $this)
[download]

Where does $this come from? Line 525 packs it, based on the contents of $thisaddr. That variable is set in line 512 from the return values of gethostbyname($hostname), and $hostname is set at line 500 by the insecure code chop ($hostname = `hostname`);.

It's potentially insecure because it uses a path lookup, and because the value is coming from outside your program. If you're very very sure that hostname will be returning a correct value, you can "untaint" $hostname by the methods discussed in this thread and in perlsec.

Better would be to modify the code to discover the hostname without running another process in backticks.

Comment on Re: Re: Re: (ichimunki) Re x3 : disable taint for just one sub Download Code

Replies are listed 'Best First'.
Re: Re: Re: Re: (ichimunki) Re x3 : disable taint for just one sub by khippy (Scribe) on Sep 03, 2001 at 16:56 UTC
I have contacted the author of Net::Printer, Chris Fuhrman. Let's quote a small snippet of his answer: ---cut-here--- What I'm tenatively planning on doing is re-writing Net::Printer using IO::Socket instead of setting things up manually. This makes it easier for me to debug it in the future as well as hopefully eliminate the taint problem. ---cut-off--- That's great, I hope he finds the time to finish it soon. -- there are no silly questions killerhippy	[reply]

Replies are listed 'Best First'.

Re: Re: Re: Re: (ichimunki) Re x3 : disable taint for just one sub
by khippy (Scribe) on Sep 03, 2001 at 16:56 UTC

[reply]