develooper Front page | perl.perl5.porters | Postings from July 2001

[ID 20010711.004] Taint checking bypassed on read-write file opening

From:
deekoo
Date:
July 11, 2001 23:03
Subject:
[ID 20010711.004] Taint checking bypassed on read-write file opening
Message ID:
Pine.LNX.4.33.0107112224250.11926-100000@chaos.tentacle.net
Package: perl-base
Version: 5.6.1-5

Using perl 5.6.1 on Debian (unstable), taint checking fails to prevent
read/write opens of tainted filenames.

#!/usr/bin/perl -T
open (EEP,"+<$ARGV[0]");
print EEP "Snarg\n";
close(EEP);

This snippet will gleefully stick "Snarg"s in whatever filename the user
specifies, without taint checks noticing.

Suggested fix: make +< opens use taint checking.

This may also affect other perl versions; I haven't tested them.






nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About