Re: perl fingerd stupidity

Greg Bacon (gbacon@CRP-201.ADTRAN.COM)
Fri, 01 Aug 1997 08:30:03 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: DI. Dr. Klaus Kusche: "Small problem in AIX write command: Executes shell"
Previous message: der Mouse: "Re: Net/OpenBSD local reboot"
Maybe in reply to: Chris Terry: "perl fingerd stupidity"

If that fingerd were run with taint checks on (i.e. #! perl -T), then
it wouldn't be such a huge hole. A better way to have done it would
be something like:

#! /usr/bin/perl -T

require 5; # if you don't have it, upgrade already! :-)

$ENV{PATH} = join ":", qw( /bin /usr/bin );

$user = <STDIN>;
chomp $user;

if (-e "/usr/lib/finger/$user") {
system "perl", "/usr/lib/finger/$user";
}
else {
system "perl", "/usr/lib/finger/default", $user;
}

Note that passing a list to system (or exec) bypasses the shell, so
even if $user eq 'foo; rm -rf /', there is no danger as far as this
script is concerned (it all depends on what those scripts in /usr/lib
are doing with their arguments).

(If you're still wondering about taint checks, -T is just an instruction
to perl telling it that it shouldn't let data from the outside world come
in and be a part of operations that affect the outside world without first
being subject to a thorough looking over.)

Greg

--
open(G,"|gzip -dc");$_=<<EOF;s/[0-9a-f]+/print G pack("h*",$&)/eg
f1b88000b620f22320303fa2d2e21584ccbcf29c84d2258084
d2ac158c84c4ece4d22d1000118a8d5491000000
EOF

Next message: DI. Dr. Klaus Kusche: "Small problem in AIX write command: Executes shell"
Previous message: der Mouse: "Re: Net/OpenBSD local reboot"
Maybe in reply to: Chris Terry: "perl fingerd stupidity"