Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re: The importance of avoiding the shell

by petdance (Parson)
on Sep 25, 2014 at 15:50 UTC ( [id://1101992]=note: print w/replies, xml ) Need Help??


in reply to The importance of avoiding the shell

This also points to one of Perl 5's great features, taint mode and the -T flag.

The core of the bash problem is that it takes outside data and treats it as code. Perl's -T flag prevents your program from making the same mistake without explicitly untainting the data.

From perlsec:

(With -T enabled), you may not use data derived from outside your program to affect something else outside your program--at least, not by accident. All command line arguments, environment variables, locale information (see perllocale), results of certain system calls ("readdir()", "readlink()", the variable of "shmread()", the messages returned by "msgrcv()", the password, gcos and shell fields returned by the "getpwxxx()" calls), and all file input are marked as "tainted". Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, nor in any command that modifies files, directories, or processes, with the follow- ing exceptions: ...
It pains me that so far there are no plans (so far as I know) to carry over taint mode into Perl 6.

xoxo,
Andy

  • Comment on Re: The importance of avoiding the shell

Replies are listed 'Best First'.
Re^2: The importance of avoiding the shell
by Anonymous Monk on Sep 26, 2014 at 15:14 UTC
    To be clear in my head, you're saying that if I run CGI scripts in taint mode that I don't need to worry about this bash bug from CGI?
[reply]

      I'm pretty sure that is what he's saying, but he's wrong if that's the case. 

      $ HTTP_ACCEPT='() { :;}; echo 0wn3d' \
   perl -T -e'$ENV{PATH}=""; system(q(/bin/ls -- "$HOME"))'
0wn3d
... contents of home dir ...

      [download]

      While $ENV{HTTP_ACCEPT} is tainted, system doesn't check if it's tainted.

[reply]
[d/l]
[select]

      Taint mode, like most security measures, is "just" an additional security measure. Whether or not you "need to worry" depends a whole lot on the individual situation. Generally, turning on taint mode in CGI scripts is a good idea, but it is not a silver bullet.

[reply]
      No, I am not making any claims about taint mode mitigating the bash bug.

      My point is that the bash bug is, at its core, about treating untrusted data as executable code. Perl's taint mode is designed to catch that problem in Perl code.

      Say you get an argument from the command line in your Perl program. That variable is now tainted, because it came from an untrusted source. Now, say you try to execute a command with system using that variable. Perl's taint mode will disallow it because the data fed to system is untrustworthy.

      xoxo,
      Andy

[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1101992]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (6)
As of 2024-04-16 09:48 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found