PERL5SHELL is not checked for tainted data #8526
From @pjf

== Problem ==

The Windows build of Perl supports the PERL5SHELL environment

Unfortunately, Perl does NOT check PERL5SHELL when running

== Impact ==

A user that can modify the environment of a Perl program

== Example to reproduce ==

On a windows machine:

    set PERL5SHELL=notepad
    perl -Te"$ENV{PATH}=q{c:/windows/system32}; system(q{foo.txt});"

Notepad will successfully start on 'foo.txt', even though

== Solution ==

PERL5SHELL should be checked for tainted data in the same way

Perl Info
From @rgarcia

On 14/07/06, via RT Paul Fenwick <perlbug-followup@perl.org> wrote:

Could someone with a Windows machine available check if change #28591
The RT System itself - Status changed from 'new' to 'open'
From @demerphq

On 7/16/06, Rafael Garcia-Suarez <rgarciasuarez@gmail.com> wrote:

Unfortunately not. :-(

BTW, to test this on a normal Win2k build one needs to say

    set PERL5SHELL=notepad

I think the original

    set PERL5SHELL=notepad

Should work fine on a normal XP or 9x build.

But as of \28591 the problem remains. Notepad is still launched.

Sorry. :-(
From @demerphq

On 7/17/06, demerphq <demerphq@gmail.com> wrote:

Whoops. It helps to use the correct perl to do the tests.

    D:\dev\perl\ver\28591_\win32>..\perl

So all is good, sorry for the confusion. *blush*

Yves
From @druud62

demerphq wrote:

See also $ENV{SystemRoot} and $ENV{windir}.

--
"Gewoon is een tijger."
From @rgarcia

On 17/07/06, Dr.Ruud <rvtol+news@isolution.nl> wrote:

What do they do? If they are judged security-sensitive, they should
From @demerphq

On 7/17/06, Rafael Garcia-Suarez <rgarciasuarez@gmail.com> wrote:

These are one of the simpler ways to find where the various system

Generally people assume that things will be in C:\Windows\System32

I don't know that they are security sensitive. Of course I don't know

Yves
From @druud62

"Rafael Garcia-Suarez" wrote:

They both hold the value "C:\WINNT" on a Win2k-system here. On other

I only mentioned them because Yves pointed to a difference between Win2k

    set PERL5SHELL=notepad

I don't know how security-sensitive they are.

    $ grep -iwrl 'SystemRoot' *
    $ grep -iwrl 'windir' *

--
"Gewoon is een tijger."
From @jandubois

On Mon, 17 Jul 2006, Dr.Ruud wrote:

Those references are all benign as far as I can tell.

Cheers,
From guest@guest.guest.xxxxxxxx

G'day Affijn and P5P,

Firstly, let me thank you all once again for a very swift bugfix and for

I also want to note that I'm a bit of a weenie when it comes to Windows

On Mon Jul 17 14:58:14 2006, rvtol+news@isolution.nl wrote:

I feel that $ENV{SystemRoot} and $ENV{windir} carry a similar risk to

[Since] Perl can't guarantee that the executable in question isn't

However unlike PATH which the developer can set to a known-good value, I

Asking the OS appears to involve something like this:

    use Win32 qw(CSIDL_WINDOWS);
    $ENV{windir} = Win32::GetFolderPath(CSIDL_WINDOWS);

assuming that Win32's GetFolderPath is authoritative.

The other downside of making Perl check for windir/SystemRoot

I think there may be some value in raising an exception if we're running

All the very best,

Paul
p5p@spam.wizbit.be - Status changed from 'open' to 'resolved'
Migrated from rt.perl.org#39832 (status was 'resolved')
Searchable as RT39832$
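
The report and the later windir/SystemRoot discussion both concern inherited environment values that influence how a child process is started. As an added example (not code from this thread or from Perl itself), the following prologue for a script run with `perl -T` reports which of those variables are still tainted and pins them before any `system()` call. The helper names `tainted_env` and `pin_env` and the non-Windows PATH value are assumptions; the Windows PATH and the `GetFolderPath` call are taken from the posts above.

```perl
# Added example: run as "perl -T script.pl". Without -T nothing is tainted
# and both reports come back empty.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Variables named in perlsec, plus PERL5SHELL (this report) and the two
# Windows directory variables raised later in the thread.
my @SENSITIVE = qw(PATH IFS CDPATH ENV BASH_ENV PERL5SHELL SystemRoot windir);

# Return the names from @_ that are set in %ENV and still tainted.
sub tainted_env {
    return grep { defined $ENV{$_} && tainted($ENV{$_}) } @_;
}

# Drop or overwrite inherited values. $path must be a literal chosen by the
# developer, so assigning it leaves $ENV{PATH} untainted.
sub pin_env {
    my ($path) = @_;
    # With PERL5SHELL removed, Windows perl uses its built-in default shell.
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV PERL5SHELL)};
    $ENV{PATH} = $path;
    if ($^O eq 'MSWin32') {
        # As suggested in the thread: ask the OS rather than trust the
        # inherited value. Assumes GetFolderPath is authoritative.
        require Win32;
        $ENV{windir} = Win32::GetFolderPath(Win32::CSIDL_WINDOWS());
        # SystemRoot has no equivalent call shown in the thread; it is left
        # alone here and will still be reported below if it is tainted.
    }
    return;
}

my @before = tainted_env(@SENSITIVE);
pin_env($^O eq 'MSWin32' ? 'c:/windows/system32' : '/usr/bin:/bin');
my @after = tainted_env(@SENSITIVE);

print "tainted before pinning: @before\n";
print "tainted after pinning:  @after\n";

# PERL5SHELL must never survive pinning; refuse to continue if it did.
die "PERL5SHELL is still set\n" if exists $ENV{PERL5SHELL};
# External commands are started only after this point.
```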