develooper Front page | perl.perl5.porters | Postings from March 2000

magic open of ARGV

From: M.J.T. Guy
Date: March 14, 2000 22:30
Subject: magic open of ARGV
Message ID: E12V7Jw-0002PL-00@ursa.cus.cam.ac.uk

No, I'm *not* trying to restart this flame war.   But it was a "security"
issue, and security seems to be in fashion at the moment, and it *was*
left in a somewhat unsatisfactory state.

The story so far, for the benefit of younger readers:
[ with the usual IIRC caveats  -  go to the archives if you want the
  real facts ]
There's a booby trap when magic open (i.e. initial/final special
characters like < > |) is used in conjunction with <>.    Suppose
some devious person has left around a file such as "| rm -rf *;".
Then root's cron job comes along and does

           my_scan_command *

and ... Boom!     Here's a more innocent demonstration:

$ cat >'| echo Bwahahahaha'
hkgfjhgfhgf
$ perl -wne '' *
Bwahahahaha
$

Note that the Perl script is obviously "so simple it can't have any
security holes".

There were two proposals for fixing this: a maximal one which would
have banned all magic in association with <>, and a minimal one
(championed by Tom C) which would have made the open non-magic iff
a file of that name existed.   So the minimal proposal is essentially
backwards compatible, and loses no functionality apart from active
malice.

A major flame war ensued between the proponents of the two proposals; it
was clear no compromise was available.    But no one was advocating
the status quo.    So it was decided to get a decree from Larry.
But Larry was out of circulation at the time, so answer came there none.
(Or at least, nothing was heard in public.)

And so it has remained, with a situation (the status quo) which no one
wanted.     But Tom's proposal for minimal change, being a subset
of the more radical proposal, would be preferred to the status quo
by everyone.    And Tom had provided a patch.

It would be great to get a decision from Larry (Hi Larry!).   But in
the absence of a decision, it would make sense to apply Tom's patch,
without prejudice to possible more radical reform later.

Comments?


Mike Guy
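
The rule of the minimal proposal described in the message above (open non-magic iff a file of that name exists), written as user-level Perl. This is an added example, not Tom's patch and not part of the original post; `open_arg` and `notes.txt` are hypothetical names, and the trap file reuses the harmless demonstration name from the post.

```perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Minimal proposal from the post: if a file of that name exists, open it
# literally (three-argument open, no magic); otherwise keep the magic open.
sub open_arg {
    my ($name) = @_;
    my $fh;
    if (-e $name) {
        open($fh, '<', $name) or return;   # name is data, never a command
        return ($fh, 'literal');
    }
    open($fh, $name) or return;            # legacy magic: "-", "cmd |", ...
    return ($fh, 'magic');
}

# Constructed sample: a scratch directory with the trap file name from the
# post and one ordinary file (notes.txt is a made-up name).
my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";
for my $name ('| echo Bwahahahaha', 'notes.txt') {
    open(my $out, '>', $name) or die "create $name: $!";
    print {$out} "hkgfjhgfhgf\n";
    close $out or die "close $name: $!";
}

# Stand-in for "my_scan_command *": walk every name in the directory.
opendir(my $dh, '.') or die "opendir: $!";
my @names = sort grep { $_ ne '.' && $_ ne '..' } readdir $dh;
closedir $dh;

for my $name (@names) {
    my ($fh, $mode) = open_arg($name);
    unless ($fh) { warn "skip '$name': $!\n"; next; }
    my $lines = () = <$fh>;                # count lines; contents are only read
    close $fh;
    print "$mode open of '$name': $lines line(s) read\n";
}
chdir $start or die "chdir $start: $!";
```

Both names are reported as `literal`, so the trap file is read as one line of data and no command runs. Perl 5.22 and later also provide the `<<>>` operator, which reads @ARGV using three-argument open.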


