Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Win32 taint...shouldn't this fail?

by InfiniteSilence (Curate)
on Sep 19, 2001 at 21:15 UTC ( [id://113411]=perlquestion: print w/replies, xml ) Need Help??

InfiniteSilence has asked for the wisdom of the Perl Monks concerning the following question:

I have run the following code on Win32 using ActiveState perl 5.6. 
#!/usr/local/bin/perl -Tw
       use CGI ':standard';
       $file = param('file');
       $comment = param('comment');
       unless ($file) { $file = 'xcanalys.txt'; }
       unless ($comment) { $comment = 'No comment'; }
       open (OUTPUT, ">>./" . $file) or die "$!";
       print OUTPUT $comment . "\n";
       close OUTPUT;
       print header, start_html;
       print "<P>Thanks!</P>\n";       
       print end_html;
1;

[download]
Here is the command line: 
perl -T tainttest.pl
(offline mode: enter name=value pairs on standard input)
^Z

[download]
Without untainting the information coming out from param(), this short script appends to the file! Isn't this supposed to fail?

Celebrate Intellectual Diversity

Replies are listed 'Best First'.
Re: Win32 taint...shouldn't this fail?
by nardo (Friar) on Sep 19, 2001 at 21:48 UTC
    It looks like you aren't entering in a filename, if that's the case then $file gets its value directly from the script ($file = 'xcanalys.txt';) which is why it isn't tainted.
[reply]
[d/l]
Re: Win32 taint...shouldn't this fail?
by hopes (Friar) on Sep 20, 2001 at 04:08 UTC
    Hi, This is what I've found in CGI documentation

    "
    ...
    If a value is not given in the query string, as in the queries ``name1=&name2='' or ``name1&name2'', it will be returned as an empty string. This feature is new in 2.63.
    ...
    "

    So, as you don't give any value to the param 'comment'

    $comment = param('comment');

    [download]

    $comment will have the empty value ''.
    Then
    unless ($comment) { $comment = 'No comment'; }
    will update $comment to 'No comment' (An empty value is false, so $comment evaluates to false, an the code is executed)

    I'm using version 2.36 1997/5/10 8:22 and I can't see any difference in behaviour. I get the same result.

    Regards

    Hopes
[reply]
[d/l]
[select]
Re: Win32 taint...shouldn't this fail?
by InfiniteSilence (Curate) on Sep 20, 2001 at 18:02 UTC
    Oops, I added the incorrect information as to what I typed in on the command line. I tried it this way as well: 
    perl -t tainttest.pl
(offline mode: enter name=value pairs on standard input)
file=foo.txt
comment="now"
^Z

    [download]
    This modifies foo.txt with the argument. I tried the same thing on a UNIX box and it failed, as expected. Anybody know any reason why taint checking is not working on the Win32 command line?

    Celebrate Intellectual Diversity

[reply]
[d/l]
      OK, well...

      In Linux, when you do
      ^Z (CTRL+Z)
      you are stopping the current process (and there is no output in the file)

      To end the tainting, you should make ^D (instead ^Z)

      I've executed my script in a i386-Linux with Perl v5.6.0 and the output is what you expect.

      Hope this help
      hopes
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://113411]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (4)
As of 2024-04-19 13:13 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found