Re: [PATCH] Re: [perl #24291] Taint checking against the wrong environment

From: perl5-porters
Date: October 27, 2003 09:47
Subject: Re: [PATCH] Re: [perl #24291] Taint checking against the wrong environment
Message ID: bnjlll$sos$1@post.home.lunix

In article <20031027160008.3b3377b_.rgarciasuarez@_ree._r>,
	Rafael Garcia-Suarez <rgarciasuarez@free.fr> writes:
> Ton Hospel wrote:
>>
>> If I understand correctly, the croak happens not on the localization
>> of ENV, but when the system() tries to use it ?
>
> Yes. I added the check for aliased *ENV in the same routine that
> checks for insecure $ENV{XYZ}. (It's thus only called with taint
> checks turned on.)

Perfect.

>
>> That sounds fine for my library. It fixes the security hole, I can still
>> fool CGI.pm with a fake env, and if the user tries to do a
>> system/exec/qr during that time, he will get an error (I wasn't too sure
>> about the proper behaviour for that last case anyways. The real PATH
>> etc. will in fact have been set to safe values, but the user maybe
>> expected his $ENV{PATH}=... to actually do something)
>
> Why do you want to alias *ENV by the way ?
> You could have done
>     local %ENV = (k1 => v1, ...);
> or
>     local %ENV = %ENV;
>     $ENV{k1} = v1; ...

It's an event-driven setup to run many CGIs in parallel and it is meant
to be *FAST*. There is one fake environment hash reference per
connection object. Now if the corresponding input stream comes in in
many parts (consider many pending slow connections, or big file uploads),
I will call the event handler many times, each time needing to switch in
about 40 environment variables. That's not only 40 useless calls to
setenv, but even worse, a lot of system calls.

Observe:

strace perl -Twe 'local %ENV = (PATH =>"/a:/b:/c:/d:/e:/f")'

....
stat64("/a", 0xbfffea9c)                = -1 ENOENT (No such file or directory)
stat64("/b", 0xbfffea9c)                = -1 ENOENT (No such file or directory)
stat64("/c", 0xbfffea9c)                = -1 ENOENT (No such file or directory)
stat64("/d", 0xbfffea9c)                = -1 ENOENT (No such file or directory)
stat64("/e", 0xbfffea9c)                = -1 ENOENT (No such file or directory)
stat64("/f", 0xbfffea9c)                = -1 ENOENT (No such file or directory)
.....

(there's also such a massive check for the original path on startup,
but I don't care about that, it's a persistent server)

Versus:

strace perl -Twe 'local *ENV = {PATH =>"/a:/b:/c:/d:/e:/f"}'

....
no stat calls on my new path (and no setenv calls)
....

So simply doing:

sub io_readevent_callback {
    my $connection = shift;
    local *ENV = $connection->{env};
    ....
}

makes things a lot faster.
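
Added example, not part of the original post: a small Perl script that compares the two localization forms discussed in this message by asking a child perl what it actually inherits. The variable name DEMO_ALIAS_VAR and the helpers child_sees and compare are made up for the illustration. Run it without -T, since per the thread the patched perl croaks on system/exec under taint checks while *ENV is aliased.

```perl
#!/usr/bin/perl
# Added illustration, not code from the thread. Run WITHOUT -T.
use strict;
use warnings;

my $VAR = 'DEMO_ALIAS_VAR';    # constructed variable name (assumption)

# Ask a child perl what its own environment holds for $name.
# List-form pipe open: no shell is involved, so the child's view is
# exactly the C-level environment the parent process passes on.
sub child_sees {
    my ($name) = @_;
    open(my $fh, '-|', $^X, '-e',
        'print exists $ENV{$ARGV[0]} ? $ENV{$ARGV[0]} : "(unset)"', $name)
        or die "cannot spawn child perl: $!";
    local $/;                  # slurp the whole (one-line) answer
    my $out = <$fh>;
    close $fh;
    return $out;
}

# Returns { hash => [parent_view, child_view], glob => [parent_view, child_view] }
sub compare {
    my %seen;
    delete $ENV{$VAR};         # make sure the real environment starts without it
    {
        # Form suggested in the quoted reply: the localized hash is still the
        # magical %ENV, so every store goes through to the real environment.
        local %ENV = %ENV;
        $ENV{$VAR} = 'set-via-local-hash';
        $seen{hash} = [ $ENV{$VAR}, child_sees($VAR) ];
    }
    {
        # Form used in this message: the glob now points at an ordinary hash,
        # so stores stay inside Perl and no setenv happens.
        local *ENV = { $VAR => 'set-via-glob-alias' };
        $seen{glob} = [ $ENV{$VAR}, child_sees($VAR) ];
    }
    return \%seen;
}

my $seen = compare();
for my $form (qw(hash glob)) {
    printf "%-4s  parent sees: %-20s child sees: %s\n", $form, @{ $seen->{$form} };
}
```

A difference between the parent and child columns for the glob form is the mismatch behind the bug title: a check that reads %ENV inspects the aliased hash, while a spawned program inherits the untouched process environment.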