Insecure dependency error in sprintf under -T #9629

Closed
p5pRT opened this issue Jan 20, 2009 · 5 comments

p5pRT commented Jan 20, 2009

Migrated from rt.perl.org#62512 (status was 'open')

Searchable as RT62512$

p5pRT commented Jan 20, 2009

From ericp@ActiveState.com

Created by ericp@activestate.com

This is triggered under the Perl debugger in Komodo,
with ActivePerl 5.8.10, when a program is debugged
when it's run with the -T argument. The data all
looks correctly untainted to me, but I can't track
where overload::AddrRef gets its arguments from in
such a way that the sprintf's format statement would
be tainted. This is a tough repro.

Ref: http://bugs.activestate.com/show_bug.cgi?id=81647

Perl Info

Flags:
    category=library
    severity=low

Site configuration information for perl 5.10.0:

Configured by ActiveState at Wed May 14 05:06:16 PDT 2008.

Summary of my perl5 (revision 5 version 10 subversion 0) configuration:
  Platform:
    osname=linux, osvers=2.4.21-297-default, archname=i686-linux-thread-multi
    uname='linux gila 2.4.21-297-default #1 sat jul 23 07:47:39 utc 2005 i686 i686 i386 gnulinux '
    config_args='-ders -Dcc=gcc -Dusethreads -Duseithreads -Ud_sigsetjmp -Uinstallusrbinperl -Ulocincpth= -Uloclibpth= -Accflags=-DUSE_SITECUSTOMIZE -Duselargefiles -Accflags=-DPRIVLIB_LAST_IN_INC -Dprefix=/home/ericp/opt/ActivePerl-5.10.0.1003 -Dprivlib=/home/ericp/opt/ActivePerl-5.10.0.1003/lib -Darchlib=/home/ericp/opt/ActivePerl-5.10.0.1003/lib -Dsiteprefix=/home/ericp/opt/ActivePerl-5.10.0.1003/site -Dsitelib=/home/ericp/opt/ActivePerl-5.10.0.1003/site/lib -Dsitearch=/home/ericp/opt/ActivePerl-5.10.0.1003/site/lib -Dsed=/bin/sed -Duseshrplib -Dcf_by=ActiveState -Dcf_email=support@ActiveState.com'
    hint=recommended, useposix=true, d_sigaction=define
    useithreads=define, usemultiplicity=define
    useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
    use64bitint=undef, use64bitall=undef, uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DUSE_SITECUSTOMIZE -DPRIVLIB_LAST_IN_INC -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
    optimize='-O2',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DUSE_SITECUSTOMIZE -DPRIVLIB_LAST_IN_INC -fno-strict-aliasing -pipe'
    ccversion='', gccversion='3.3.1 (SuSE Linux)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='gcc', ldflags =''
    libpth=/lib /usr/lib /usr/local/lib
    libs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    perllibs=-lnsl -ldl -lm -lcrypt -lutil -lpthread -lc
    libc=, so=so, useshrplib=true, libperl=libperl.so
    gnulibc_version='2.3.2'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E -Wl,-rpath,/home/ericp/opt/ActivePerl-5.10.0.1003/lib/CORE'
    cccdlflags='-fPIC', lddlflags='-shared -O2'

Locally applied patches:
    ACTIVEPERL_LOCAL_PATCHES_ENTRY
    33741 avoids segfaults invoking S_raise_signal() (on Linux)
    33763 Win32 process ids can have more than 16 bits
    32809 Load 'loadable object' with non-default file extension
    32728 64-bit fix for Time::Local


@INC for perl 5.10.0:
    /home/ericp/opt/ActivePerl-5.10.0.1003/site/lib
    /home/ericp/opt/ActivePerl-5.10.0.1003/lib
    .


Environment for perl 5.10.0:
    HOME=/home/ericp
    LANG=en_US.UTF-8
    LANGUAGE (unset)
    LD_LIBRARY_PATH (unset)
    LOGDIR (unset)
    PATH=/home/ericp/bin:/usr/local/bin:/home/ericp/opt/ruby-1.8.6/bin:/home/ericp/opt/ActivePython-2.5.2.2/bin:/home/ericp/bin:/home/ericp/svn/apps/komodo/util/black:/home/ericp/opt/PDK-Pro-7.0.0.277058-linux/bin:/home/ericp/opt/ActivePerl-5.10.0.1003/bin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/lib/ccache:/usr/local/bin:/bin:/usr/bin:/home/ericp/opt/ActiveTcl8.5.4.0/bin:/home/ericp/bin
    PERLDOC_PAGER=less
    PERL_BADLANG (unset)
    SHELL=/bin/bash

p5pRT commented Jan 20, 2009

From @rgs

2009/1/20 via RT Eric Promislow <perlbug-followup@perl.org>:

> This is triggered under the Perl debugger in Komodo,
> with ActivePerl 5.8.10, when a program is debugged
> when it's run with the -T argument. The data all
> looks correctly untainted to me, but I can't track
> where overload::AddrRef gets its arguments from in
> such a way that the sprintf's format statement would
> be tainted. This is a tough repro.
>
> Ref: http://bugs.activestate.com/show_bug.cgi?id=81647

If there is no way to reproduce it with a stock perl, I'm afraid this
bug would have to be closed. Is it possible to get all the relevant
elements out of Komodo?

p5pRT commented Jan 20, 2009

The RT System itself - Status changed from 'new' to 'open'

jkeenan commented Feb 22, 2020

The original poster never supplied enough information back in 2008 to debug this problem. The particular website cited is no longer reachable. Taking this ticket for the purpose of closing it within 7 days unless anyone objects.

jkeenan self-assigned this Feb 22, 2020

jkeenan commented Mar 1, 2020

Closing as per schedule.

jkeenan closed this as completed Mar 1, 2020