Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Taint and perl5db.pl #718

Closed
p5pRT opened this issue Oct 15, 1999 · 1 comment
Closed

Taint and perl5db.pl #718

p5pRT opened this issue Oct 15, 1999 · 1 comment

Comments

@p5pRT
Copy link

p5pRT commented Oct 15, 1999

Migrated from rt.perl.org#1620 (status was 'resolved')

Searchable as RT1620$

@p5pRT
Copy link
Author

p5pRT commented Oct 15, 1999

From jason@community.net

Summary of my perl5 (5.0 patchlevel 4 subversion 4) configuration​:
  Platform​:
  osname=linux, osvers=2.0.34, archname=i386-linux
  uname='linux porky.redhat.com 2.0.34 #1 thu may 7 10​:17​:44 edt 1998
i686 unk
nown '
  hint=recommended, useposix=true, d_sigaction=define
  bincompat3=y useperlio=undef d_sfio=undef
  Compiler​:
  cc='cc', optimize='-O2', gccversion=2.7.2.3
  cppflags='-Dbool=char -DHAS_BOOL -I/usr/local/include'
  ccflags ='-Dbool=char -DHAS_BOOL -I/usr/local/include'
  stdchar='char', d_stdstdio=define, usevfork=false
  intsize=4, longsize=4, ptrsize=undef, doublesize=undef
  alignbytes=4, usemymalloc=n, prototype=define
  Linker and Libraries​:
  ld='cc', ldflags =' -L/usr/local/lib'
  libpth=/usr/local/lib /lib /usr/lib
  libs=-lnsl -lndbm -lgdbm -ldb -ldl -lm -lc -lposix -lcrypt
  libc=, so=so
  useshrplib=false, libperl=libperl.a
  Dynamic Linking​:
  dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
  cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Characteristics of this binary (from libperl)​:
  Locally applied patches​:
  MAINT_TRIAL_4 - 5.004_05 maintenance trial 4
  Built under linux
  Compiled at Sep 10 1998 02​:16​:22
  @​INC​:
  /usr/lib/perl5/i386-linux/5.00404
  /usr/lib/perl5
  /usr/lib/perl5/site_perl/i386-linux
  /usr/lib/perl5/site_perl
  .


I get the following message​:

Insecure dependency in eval while running with -T switch at
/usr/lib/perl5/perl5db.pl line 1165, <IN> chunk 4.

Untaining the variables via a m/(.*)/ before line 1165 makes the error go
away. I can only produce the error under the following (rather unusual)
conditions​:

I run the following CGI script via the web server​:

#!/bin/bash

export PERLDB_OPTS='tty=/dev/ttyqa'
/home/jason/egen/milton/admin/epl

The "epl" script has this​:

#!/usr/bin/perl -Td

$| = 1;
print "Content-type​: text/plain\n\n";

(The idea is to run with taint mode on, and have the debugger talk to an
xterm in another window which is running "sleep 1d |cat >/dev/null", thus
allowing me to debug the CGI script.)

Everything works well up to this point, and I can step through or run the
program. But if I type in any sort of expression to be evalled, the
debugger gives me a notice that the program has terminated, and the error
about the insecure eval gets logged in the Apache logs. Example​:

Loading DB routines from perl5db.pl version 1.01
Emacs support available.

Enter h or `h h' for help.

main​::(/home/jason/egen/milton/admin/epl​:3)​:
3​: $| = 1;
  DB<1> s 10
DB​::fake​::(/usr/lib/perl5/perl5db.pl​:2085)​:
2085​: "Debugged program terminated. Use `q' to quit or `R' to
restart.";
  DB<2> q

  That's all the pertinent information, I think.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant