Re: Can System() of Perl be bypassed?
From: Ilya Martynov (ilya@martynov.org)
Date: 01/22/03
- Previous message: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
- In reply to: Sandeep Giri: "Can System() of Perl be bypassed?"
- Next in thread: Glynn Clements: "Re: Can System() of Perl be bypassed?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Sandeep Giri <sandeepgiri@indiatimes.com>
From: Ilya Martynov <ilya@martynov.org>
Date: Thu, 23 Jan 2003 01:09:56 +0300
>>>>> On 22 Jan 2003 07:03:27 -0000, Sandeep Giri <sandeepgiri@indiatimes.com> said:
SG> Hi All,
SG> In my PERL code,I am using user's input as command line argument for the
SG> program being executed by System().
It depends. Perl's system() may be given a single string as its
argument or a list. In the first case it will pass this string to the
shell, which will try to interpret it. For example
system("cat $file");
This is dangerous as $file can contain something that will be interpreted
by the shell as additional commands. For example $file might contain
something destructive such as '; rm -rf /'.
If you specify a list then system() doesn't use the shell and its usage
is much safer:
system('cat', $file);
This will only try to print the file specified by the $file variable no matter
what $file contains.
It is actually covered in the Perl documentation. See 'perldoc -f
system'.
Still, if you let arbitrary user input be an argument to some program
you must be sure that this program will be able to handle it in a safe
manner. Personally I would ensure that user input is clean and is
something that the program expects before passing it to the program. It
is just safer.
SG> Can user run command of his choice by giving malicious input?
SG> Is PERL's -T (Taint mode) the solution for this?
Yes and no. Taint mode helps you to catch bugs when you pass arbitrary
user input to system() by accident. Perl simply refuses to use tainted
vars as arguments for system(). But if you willingly untaint it
without actually verifying and removing bad, dangerous data and then
pass it to system(), then Perl cannot help you. You are on your own
here.
You might want to read 'perldoc perlsec' to learn more about taint
mode.
-- Ilya Martynov, ilya@iponweb.net CTO IPonWEB (UK) Ltd Quality Perl Programming and Unix Support UK managed @ offshore prices - http://www.iponweb.net Personal website - http://martynov.org
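The following script is an added example, not part of Ilya's post, that puts the two points above side by side: the single-string form of system() goes through /bin/sh and so honours a ';' in the argument, the list form hands cat exactly one argument, and under -T Perl refuses both until the value has been untainted by a whitelist match. The file name 'notes.txt; echo INJECTED' is a constructed stand-in for something like '; rm -rf /'; the helper names and the whitelist regex are this example's own choices, and the PATH cleanup is what perlsec asks for before any external command is run in taint mode.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post).
# Run as:  perl -T system_demo.pl 'notes.txt; echo INJECTED'
# or with no argument to use the constructed (untainted) sample value.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# perlsec: under -T, system() refuses to run at all while PATH (and a few
# other variables the shell reads) are tainted, so fix them up front.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Command-line input is tainted. With no argument we fall back to a constructed
# hostile value: a file name followed by a metacharacter and a harmless extra
# command. A literal is not tainted, so that path shows the raw shell behaviour.
my $file = @ARGV ? $ARGV[0] : 'notes.txt; echo INJECTED';

# Single-string form: handed to /bin/sh -c, so ';' starts a second command.
sub unsafe_cat {
    my ($f) = @_;
    return system("cat $f");            # runs: cat notes.txt; echo INJECTED
}

# List form: execvp() directly, no shell; cat receives exactly one argument.
# The '--' also stops a name such as '-n' from being parsed as an option.
sub safer_cat {
    my ($f) = @_;
    return system('cat', '--', $f);
}

# Untainting by validation: capture only the shape we expect (a plain relative
# file name) and refuse anything else. The regex capture is what clears the
# taint flag, so the pattern must be a whitelist, not a blacklist.
sub untaint_filename {
    my ($in) = @_;
    my ($clean) = $in =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/
        or die "refusing unexpected file name: $in\n";
    return $clean;
}

print "input is ", (tainted($file) ? '' : 'not '), "tainted\n";

print "--- single-string form ---\n";
eval { unsafe_cat($file); 1 }
    or print "perl refused: $@";        # -T: "Insecure dependency in system"

print "--- list form ---\n";
eval { safer_cat($file); 1 }
    or print "perl refused: $@";        # still refused while the value is tainted

print "--- list form after untainting ---\n";
eval { safer_cat(untaint_filename($file)); 1 }
    or print "rejected: $@";            # hostile input never reaches cat
```

Run with the hostile argument under -T and both system() calls die with "Insecure dependency in system", then the untaint step rejects the value before cat is reached. Run with no argument (literal, so not tainted) and the difference between the two forms is visible directly: the single-string form prints INJECTED after cat's error, while the list form only reports that no file named 'notes.txt; echo INJECTED' exists.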