Re: Taint bug (was: Creative and *routine* use of so-called "magic" ARGV (was [perl #2783] Security of ARGV using 2-argument open)) - nntp.perl.org
nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About

Re: Taint bug (was: Creative and *routine* use of so-called "magic" ARGV (was [perl #2783] Security of ARGV using 2-argument open))
From: Ed Avis
Date: July 29, 2008 16:30
Subject: Re: Taint bug (was: Creative and *routine* use of so-called "magic" ARGV (was [perl #2783] Security of ARGV using 2-argument open))
Message ID: loom.20080729T232121-391@post.gmane.org

Tom Christiansen <tchrist <at> perl.com> writes:

> To my mind, it's a bug that while(<>) in taint mode doesn't
> realize that a raw @ARGV from the command line is unsafe.

FWIW, I agree. Since currently <> uses unsafe open, taint should flag it. At the moment you get no error, until one of the arguments happens to contain a shell metacharacter, at which point the program dies with a taint error. It would be better to die for all cases because then the programmer has a chance to spot the problem sooner.

But, again, this might prompt you to ask why just 'reading the files' should need taint checking. After all, there is no taint error for

    #!/usr/bin/perl -T
    use warnings;
    use strict;
    my $filename = <STDIN>;
    chomp $filename;
    open my $fh, '<', $filename or die $!;
    close $fh or die $!;

It executes just fine, and that is entirely correct. The open() call is safe, in that no matter what filename it is passed it will do what it says on the tin and try to open a file of that name for reading.

Taint checking and safe, predictable I/O commands are orthogonal. If you have a command like 3-arg open which doesn't rely on magic characters interpolated into a string to change its behaviour, then taint checking is not needed. Only inherently unsafe (powerful, but potentially dangerous) operations like eval "$code", /$regexp/, open($fh, "$magic_string") need the extra check.

-- 
Ed Avis <eda@waniasset.com>
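As an added example (not part of the original post, and not Perl's own code), the script below shows the explicit 3-argument equivalent of while(<>) that the message recommends, plus a check a script that must keep using <> can run over @ARGV first to spot names that 2-argument open would interpret rather than open literally. The function names process_files, is_magic_name and write_report, and the allow-list pattern used before writing, are this example's own choices.

```perl
#!/usr/bin/perl -T
# Added example: explicit 3-arg open over @ARGV as the safe replacement
# for magic <>, plus an audit check for names 2-arg open treats specially.
use strict;
use warnings;

# Return true if 2-arg open (and therefore <>) would treat $name as
# something other than a plain filename: '-' for STDIN, surrounding
# whitespace that gets trimmed, a leading mode prefix, or a pipe.
sub is_magic_name {
    my ($name) = @_;
    return 1 if $name eq '-';
    return 1 if $name =~ /\A\s|\s\z/;        # leading/trailing whitespace is stripped
    return 1 if $name =~ /\A\+?[<>]|\A\|/;   # '<', '>', '>>', '+<', leading '|'
    return 1 if $name =~ /\|\s*\z/;          # trailing '|' runs the name as a command
    return 0;
}

# Read every file named in @files line by line, as <> would, but via
# 3-arg open so the name is always taken literally. Reading a tainted
# name is permitted under -T, exactly as the message above describes.
# Returns the number of lines read.
sub process_files {
    my @files = @_;
    my $lines = 0;
    for my $name (@files) {
        open my $fh, '<', $name or die "Cannot open '$name': $!\n";
        while (my $line = <$fh>) {
            $lines++;
            print $line;
        }
        close $fh or die "Cannot close '$name': $!\n";
    }
    return $lines;
}

# Hypothetical writer: opening a tainted name for output is where -T
# really bites, so untaint through an allow-list pattern first
# (plain word characters, dots and dashes only; an assumption here).
sub write_report {
    my ($name, $text) = @_;
    my ($safe) = $name =~ m{\A([\w.-]+)\z}
        or die "Refusing to write to unsafe output name '$name'\n";
    open my $out, '>', $safe or die "Cannot write '$safe': $!\n";
    print {$out} $text;
    close $out or die "Cannot close '$safe': $!\n";
    return $safe;
}

unless (caller) {
    die "usage: $0 FILE...\n" unless @ARGV;

    # Audit step: report any argument that <> would have misinterpreted.
    for my $arg (@ARGV) {
        warn "note: '$arg' would be special to 2-arg open; reading it literally\n"
            if is_magic_name($arg);
    }

    my $count = process_files(@ARGV);
    my $report = write_report('report.txt', "lines read: $count\n");
    print STDERR "wrote $report\n";
}
```

Run it as `perl -T example.pl file1 file2` so taint mode is active even when the shebang line is not honoured. With 3-arg open, a name such as `notes.txt ` (trailing space) or one containing `|` is simply a file that may or may not exist; the is_magic_name check only exists to flag what the magic <> form would have done with the same argument.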