David K. Wall
2003-08-25 17:34:32 UTC
> I am having the same error message
> insecure dependency open while running setgid
> as another user on Tripod (I am quoting the old post at the end
> of this message)
> I believe the problem is as Bart points out
> "that the name of the file-to-open is simply copied from
> one of the CGI parameters"
> but that's how I get the file name, from CGI input.
Don't do that. Bart (Lateur?) is right, this is a horrible security hole.
> So from Bart's and others' posts I understand that the filename is
> tainted.
> My question is: what could I do to untaint it, as I have very
> limited privileges on a shared server - Tripod
> I was not able to fully understand Bart's last paragraph when he
> says "choose one of a few possibilities for file names in
> a hash"
Something like the following.

#!/usr/bin/perl -wT
use strict;
use CGI qw(:standard);   # import param() and header()

# use a hash to store filenames
# hash keys are in the HTML form
# hash values are the real path/filenames
my %datafiles = (
    file1 => '/path/data1',
    file2 => '/path/data2'
);

my $selected = param('filename_from_CGI_form');
my $file;
if ( defined $selected and defined $datafiles{$selected} ) {
    # $file comes from the hash in this script, not from the
    # CGI input, so it is not tainted
    $file = $datafiles{$selected};
}
else {
    # maybe set a default $file, or
    # output an error message and exit
    print header('text/plain'), "Unknown data file requested.\n";
    exit;
}

open FILE, '<', $file or
    die "Cannot open data file, user chose $selected: $!";
# ...
--
David Wall