Taint checking against the wrong environment #6866
From perl-5.8.0@ton.iguana.be
Created by perl-5.8.0@ton.iguana.be

I was experimenting with an event-driven setup emulating

    perl -Twle '%a=(a=>4, b=>5); *ENV=\%a; system("echo unsafe")'

while I expected what happens for this code:

So the system() safety checks are done against %ENV instead of

Perl Info

From @hvds
"perl-5.8.0@ton.iguana.be (via RT)" <perlbug-followup@perl.org> wrote:

Ouch. I note that also if the new %ENV includes a PATH I get a

    perl -Twe '%a=(PATH=>"util"); *ENV=\%a; system("echo unsafe")'

I believe this is happening because mg_find() assumes it will never

The main question I think is what C< *ENV = \%myenv > should mean:

(Hmm, can we even tell? C< *ENV = \*A; *A = \%myenv > may make

Hugo

From @rgs
hv@crypt.org wrote:

I recently documented in perlsub that C<local *foo> doesn't preserve

Considering this, I think that a glob assignment to *ENV should drop

From @hvds
hv@crypt.org wrote:

Oops, I should have tried it with a non-relative path: it works fine.

Hugo

From perl5-porters@ton.iguana.be
In article <20031026130818.430969_4.rgarciasuarez@_ree._r>,

What I had expected to happen is that perl internally has a reference

In my particular application I don't actually want all these setenv's to

From @rgs
hv@crypt.org wrote:

That's correct, and I fixed the coredump case by change #21542.

Maybe do nothing and let people shoot in their feet.

Maybe just forbid aliasing *ENV at all. (with the collateral damage

From perl5-porters@ton.iguana.be
In article <20031027002524.7b444942.rgarciasuarez@_ree._r>,

Crashing, dying, compile errors etc. are all solutions (though

(my expectation and preferred solution was already mentioned in my

From @nwc10
On Sun, Oct 26, 2003 at 11:31:42PM +0000, Ton Hospel wrote:

SEGVs better than continuing? I can't agree.

Nicholas Clark

From @rgs
Ton Hospel wrote:

I just fixed the coredump case. It was very data-dependent and didn't

I don't like special-casing "local *ENV" over all other "local *symbol".

Other proposal: in TAINT_ENV, the routine that checks for a tainted

From @rgs
I proposed:

With the patch below, I have these results:

    $ ./perl -Twle '%a=(a=>4, b=>5); *ENV=\%a; system("echo unsafe")'

    $ ./perl -Twle '%a=(a=>4, b=>5); *ENV=*a; system("echo unsafe")'

i.e. when doing a TAINT_ENV check, immediately croak if %ENV is no

The behaviour of perl is not changed when not in -T or -t mode: i.e.

If no objections or improvement proposals, I'll commit this.

Index: pod/perldiag.pod--- pod/perldiag.pod (revision 2730) +=item %ENV is aliased to %s (F) An error peculiar to VMS. Because Perl may have to deal with file
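
Review bot: in the pod/perldiag.pod hunk, the added "=item %ENV is aliased to %s" entry is followed, as shown here, directly by the existing "(F) An error peculiar to VMS" text, so no description of the new diagnostic is visible. The entry should carry its own paragraph with a severity letter, saying that it is raised only in -T or -t mode, at the TAINT_ENV check rather than at the assignment to *ENV, and what the %s is filled with for the two forms tested above (*ENV=\%a and *ENV=*a).
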
From perl5-porters@ton.iguana.be
In article <20031027115225.7c21a92c.rgarciasuarez@_ree._r>,

If I understand correctly, the croak happens not on the localization

That sounds fine for my library. It fixes the security hole, I can still

From @rgs
Ton Hospel wrote:

Yes. I added the check for aliased *ENV in the same routine that

Why do you want to alias *ENV by the way?

From perl5-porters@ton.iguana.be
In article <20031027160008.3b3377b_.rgarciasuarez@_ree._r>,

Perfect.

It's an event driven setup to run many CGI's in parallel and it is meant

Observe:

    strace perl -Twe 'local %ENV = (PATH =>"/a:/b:/c:/d:/e:/f")'
    ....

(there's also such a massive check for the original path on startup,

Versus:

    strace perl -Twe 'local *ENV = {PATH =>"/a:/b:/c:/d:/e:/f"}'
    ....

So simply doing:

    sub io_readevent_callback {

makes things a lot faster.

From @rgs
Ton Hospel wrote:

I've then applied the patch to bleadperl (21563).

@rgs - Status changed from 'new' to 'resolved'

Migrated from rt.perl.org#24291 (status was 'resolved')
Searchable as RT24291$
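
The two ways of swapping in a per-request environment that this thread compares, run side by side under taint mode, as an added example that is not code from the thread or from perl itself. The environment values, the /bin/echo command and the helper names are assumptions made for illustration. On a perl that includes the fix, the `local *ENV` calls are refused with the "%ENV is aliased to" diagnostic, while `local %ENV` is checked against the values the child really inherits.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run as: perl -T taint_env_demo.pl
use strict;
use warnings;
$| = 1;    # keep our output ordered with the child's

# Constructed per-request environment, as an event loop might hold for one CGI.
# Assumes /bin/echo exists and /usr/bin and /bin are not world-writable.
my %clean = (PATH => '/usr/bin:/bin', REQUEST_METHOD => 'GET');
# Same, but PATH copied from the inherited environment, so it is tainted
# (assumes PATH is set in the calling shell).
my %inherited = (%clean, PATH => $ENV{PATH} // '');
my @cmd = ('/bin/echo', 'child ran');

# Run a command and report whether the taint check let it through.
sub try_system {
    my @argv = @_;
    my $status = eval { system { $argv[0] } @argv };
    return "ran, wait status $status" if defined $status;
    chomp(my $err = $@);
    return "refused: $err";
}

# Localize the contents of the real %ENV. The hash keeps its environment
# magic, so the taint check and the child process see the same values.
sub run_localized {
    my ($env, @argv) = @_;
    local %ENV = %$env;
    return try_system(@argv);
}

# Alias the glob to a plain hash, as in the report. A plain hash has no
# environment magic, so it does not describe what the child inherits.
sub run_aliased {
    my ($env, @argv) = @_;
    local *ENV = $env;
    return try_system(@argv);
}

for my $case ([clean => \%clean], [inherited => \%inherited]) {
    my ($label, $env) = @$case;
    print "$label, local %ENV: ", run_localized($env, @cmd), "\n";
    print "$label, local *ENV: ", run_aliased($env, @cmd), "\n";
}
```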