develooper Front page | perl.perl5.porters | Postings from December 2001

Taint check dynamic method calls and symbolic refs?

Thread Next
From:
Michael G Schwern
Date:
December 29, 2001 13:43
Subject:
Taint check dynamic method calls and symbolic refs?
Message ID:
20011229214343.GE25336@blackrider
Just caught this conversation on #perl.

<sadMerlyn> the SOAP::Lite bug is detailed at 
            http://www.phrack.org/show.php?p=58&a=9
<sadMerlyn> basically, any use of SOAP::Lite trusts the method names, and 
            can be used to execute arbitrary subroutines with arbitrary 
            arguments
<lathos> Oh dear.
<sadMerlyn> the author didn't know that $a = "Foo::Bar", $b->$a(@x) 
            invokes Foo::Bar
<sadMerlyn> thought it could only exceute $b methods, apparently
<sadMerlyn> and taint mode didn't help


Which raises the question, why didn't taint mode help?

So would it be a good idea to make $obj->$tainted(@args) a taint
violation along with $tainted->(@args) and basically any other use of
a tainted variable as a symbolic reference?  Seems Ripe For Evil.


-- 

Michael G. Schwern   <schwern@pobox.com>    http://www.pobox.com/~schwern/
Perl Quality Assurance	    <perl-qa@perl.org>	       Kwalitee Is Job One
Our business in life is not to succeed but to continue to fail in high spirits.
		-- Robert Louis Stevenson

Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About