develooper Front page | perl.perl5.porters | Postings from July 2001

Security hole in taint checking in open()

From: deekoo
Date: July 19, 2001 00:03
Subject: Security hole in taint checking in open()
Message ID: Pine.LNX.4.33.0107182248330.11996-100000@chaos.tentacle.net

The docs say that taint checking prevents opening a tainted filename for
writing.  However, I can still open tainted filenames read-write using
+< , without the taint checks noticing (tested on perl 5.005, 5.6.1,
5.7.1, and 5.7.2).  I reported the bug a day or so before 5.7.2 appeared,
but it seems not to have been fixed in 5.7.2.

Example code (run as "perl -T eep.pl /some/file"; the -T on the shebang
line enables taint mode, and @ARGV is tainted under -T):
#!/usr/bin/perl -T
# Read-write open of a tainted filename: taint mode should refuse this,
# but on the versions listed above it goes through.
open (EEP,"+<$ARGV[0]") or die "open failed: $!\n";
print EEP "Snarg\n";   # overwrites the start of the file
close(EEP);

Which, under perl versions 5.005, 5.6.1, 5.7.1, and 5.7.2, will gleefully
stick a "Snarg" in whatever filename I pass from the command line.

Obligatory one-line patch against 5.7.2:
diff -c perl-5.7.2/doio.c perl-5.7.2-fixed/doio.c
*** perl-5.7.2/doio.c	Thu Jul 19 00:05:45 2001
--- perl-5.7.2-fixed/doio.c	Wed Jul 18 23:52:21 2001
***************
*** 235,240 ****
--- 235,241 ----
  	if ((*type == IoTYPE_RDWR) && /* scary */
             (*(type+1) == IoTYPE_RDONLY || *(type+1) == IoTYPE_WRONLY) &&
  	    ((!num_svs || (tend > type+1 && tend[-1] != IoTYPE_PIPE)))) {
+         TAINT_PROPER("open");
  	    mode[1] = *type++;
  	    writing = 1;
  	}
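Review bot: the added `TAINT_PROPER("open");` line is indented with spaces while the lines around it (`mode[1] = *type++;`, `writing = 1;`) use a tab, so the patch mixes tabs and spaces; match the tab indentation of the following line. The placement itself is right: the check sits inside the branch guarded by `*(type+1) == IoTYPE_RDONLY || *(type+1) == IoTYPE_WRONLY`, so it covers both "+<" and "+>" and runs before `writing = 1` is set, which is the same treatment a write-mode open gets. The change should come with a regression test alongside the existing taint tests (t/op/taint.t) that opens a tainted name with "+<" under -T and expects "Insecure dependency", so the hole cannot quietly reopen.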


-- 
   Sanity is a delusion on the part of those who cannot deal with reality.
Tentacles  |  World domination conspiracies   | Deep psychotronic probes
Alien sex cults  |  Core: http://deekoo.net/  |  pr0n: http://tentacled.net/
    Chat: YeempEMP: deekoo~yarm.tentacled.net | mICQ: 35848456
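The same check as a reusable probe, added here as an example and not part of deekoo's post or of the perl source tree: it derives a tainted copy of a scratch filename (the substr-of-%ENV idiom from perlsec), then tries every open() mode in both the two-argument and three-argument forms and reports which ones perl refuses with "Insecure dependency" and which actually write to the file. The scratch file, the "Snarg" marker and the try_open helper are this example's own inventions. Run it as "perl -T probe.pl" (the -T must be on the command line or the shebang, or perl complains "Too late for -T switch").

```perl
#!/usr/bin/perl -T
# Added example, not code from the original post: probe which open() modes
# refuse a tainted filename on the perl you are running.
use strict;
use warnings;
use File::Temp   qw(tempfile);
use Scalar::Util qw(tainted);

# Under -T every %ENV value is tainted, and taint survives substr(), even
# of a zero-length slice. Appending that empty tainted string taints a
# filename without changing its text.
my $taint = substr( join('', values %ENV), 0, 0 );

# Scratch file we are allowed to write; the untainted name is kept for
# resetting and reading the file back after each attempt.
my ($tmp_fh, $safe_name) = tempfile(UNLINK => 1);
print $tmp_fh "original\n";
close $tmp_fh;

my $unsafe_name = $safe_name . $taint;
die "test setup failed: filename is not tainted\n" unless tainted($unsafe_name);

# Every open mode, tried in both the two-argument and three-argument forms.
my @modes = ('<', '>', '>>', '+<', '+>', '+>>');

# Returns a short verdict: 'blocked' when taint mode refused the open,
# 'allowed' when the open went through, 'ALLOWED and written' when the
# marker really landed in the file, or the error text otherwise.
sub try_open {
    my ($form, $mode) = @_;
    my $marker = "Snarg $mode\n";    # the post's "Snarg", tagged with the mode
    my $ok = eval {
        my $fh;
        if ($form eq '2-arg') { open($fh, "$mode$unsafe_name") or die "open: $!\n" }
        else                  { open($fh, $mode, $unsafe_name)   or die "open: $!\n" }
        print $fh $marker unless $mode eq '<';   # reading-only mode has nothing to write
        close $fh;
        1;
    };
    if (!$ok) {
        chomp(my $err = $@);
        return 'blocked' if $err =~ /^Insecure dependency/;
        return "error ($err)";
    }
    # open() succeeded: check whether the write actually reached the file.
    open(my $check, '<', $safe_name) or die "reopen: $!\n";
    my $content = do { local $/; <$check> };
    close $check;
    return $content =~ /\Q$marker\E/ ? 'ALLOWED and written' : 'allowed';
}

for my $form ('2-arg', '3-arg') {
    for my $mode (@modes) {
        # Reset the contents so every mode starts from the same file.
        open(my $reset, '>', $safe_name) or die "reset: $!\n";
        print $reset "original\n";
        close $reset;
        printf "%-5s %-4s %s\n", $form, $mode, try_open($form, $mode);
    }
}
```

Reading the output: plain "<" is expected to come back as allowed, since taint mode only restricts opens that can write. On a perl carrying the fix every other mode should read "blocked"; if the post's report holds for the versions it lists, the "+<" rows are the ones that come back "ALLOWED and written", with the marker sitting at the start of the scratch file exactly as the post's "Snarg" does.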


