<deekoo@tentacle.net> writes:
>The docs say that taint checking prevents opening a tainted filename for
>writing. However, I can still open tainted filenames read-write using
>+< , without the taint checks noticing (tested on perl 5.005, 5.6.1,
>5.7.1, and 5.7.2). I reported the bug a day or so before 5.7.2 appeared,
>but it seems not to've been fixed in 5.7.2.
>
>Example code:
>#!/usr/bin/perl -T
>open (EEP,"+<$ARGV[0]");
>print EEP "Snarg\n";
>close(EEP);
>
>Which, under perl versions 5.005, 5.6.1, 5.7.1, and 5.7.2, will gleefully
>stick a "Snarg" in whatever filename I pass from the command line.
>
>Obligatory one-line patch against 5.7.2:

Thanks applied - Change 11410

>diff -c perl-5.7.2/doio.c perl-5.7.2-fixed/doio.c
>*** perl-5.7.2/doio.c Thu Jul 19 00:05:45 2001
>--- perl-5.7.2-fixed/doio.c Wed Jul 18 23:52:21 2001
>***************
>*** 235,240 ****
>--- 235,241 ----
> if ((*type == IoTYPE_RDWR) && /* scary */
> (*(type+1) == IoTYPE_RDONLY || *(type+1) == IoTYPE_WRONLY) &&
> ((!num_svs || (tend > type+1 && tend[-1] != IoTYPE_PIPE)))) {
>+ TAINT_PROPER("open");
> mode[1] = *type++;
> writing = 1;
> }

--
Nick Ing-Simmons
http://www.ni-s.u-net.com/
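
Review bot: No regression test accompanies the added TAINT_PROPER("open") in the IoTYPE_RDWR branch of doio.c, so nothing will catch this check being lost again. Please add a taint test that opens a tainted filename with "+<" under -T and expects the open to be refused, and a matching one for "+>", since the condition accepts both IoTYPE_RDONLY and IoTYPE_WRONLY as the character after the "+". A short comment next to the new line saying that read-write opens count as writing for taint purposes would also explain the call better than the existing /* scary */ does.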