i wouldn't even do that. there's really no excuse for not using Taint mode if your script is opening files based on untrusted user input.
with taint mode you would do something like:
#!/usr/bin/perl -T
use strict;
use warnings;

my %input = ( file => $ARGV[0] // '' );   # stand-in for the tainted request parameters
my $filename = "";
if ($input{'file'} =~ /^(\w+\.?\w{2,4})$/) {
    $filename = $1;    # only the captured group is untainted
} else {
    die "somebody is trying to do bad things";
}
# do stuff with $filename
the idea is to only allow as much as you absolutely need to. doing anything else essentially comes down to you trying to predict how someone will attack the script and specifically blocking those attacks. not good since it means you have to know every possible attack they might try. if you miss one thing, you're screwed. taint mode encourages you to only allow as limited a set of inputs as possible.
to be even more safe, you should probably use sysopen instead of open. if you're doing an "edit" of an existing file rather than creating a new one, you might also want to load the list of files that are in the directory into a hash and check that $input{'file'} actually matches one of them.
but the most important thing is to use taint mode. i would suggest that before you go live with this program (however you've implemented it), you read and understand every line of the perlsec manpage. it would also be illustrative to read about the poison NULL byte for an idea of how subtle the attacks can get and why it's not good to base your security on trying to anticipate them all.
anders pearson
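As an added example (not the poster's code), here is the full pattern the post describes put together: untainting by capture, a whitelist built from the directory listing for the "edit" case, and sysopen with explicit flags for both reading and creating. The directory $BASE and the function names are assumptions; the regex uses \z instead of $ so a trailing newline is refused outright. Run it under taint checks with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Fcntl qw(O_RDONLY O_WRONLY O_CREAT O_EXCL);

# Hypothetical directory the script is allowed to touch (assumption).
my $BASE = '/var/app/data';

# Step 1: untaint by capturing only the narrow shape we accept.
# Returns the clean name, or undef if the input does not match.
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /^(\w+\.?\w{2,4})\z/ ? $1 : undef;
}

# Step 2: for "edit" operations, build a whitelist from the directory
# listing so only files that already exist can be named at all.
sub existing_files {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my %seen = map { $_ => 1 } grep { -f "$dir/$_" } readdir($dh);
    closedir($dh);
    return \%seen;
}

# Step 3: open with sysopen and explicit flags, so no mode characters
# or pipe symbols can ever be supplied through the filename.
sub open_for_edit {
    my ($raw) = @_;
    my $name = untaint_filename($raw) // die "rejected filename\n";
    my $allowed = existing_files($BASE);
    die "no such file\n" unless $allowed->{$name};
    sysopen(my $fh, "$BASE/$name", O_RDONLY) or die "sysopen: $!";
    return $fh;
}

sub create_new {
    my ($raw) = @_;
    my $name = untaint_filename($raw) // die "rejected filename\n";
    # O_EXCL makes creation fail instead of clobbering an existing file
    sysopen(my $fh, "$BASE/$name", O_WRONLY | O_CREAT | O_EXCL, 0644)
        or die "sysopen: $!";
    return $fh;
}

# Constructed inputs for demonstration: a plain name, a traversal attempt,
# a poison NULL byte attempt, and a name without an extension.
for my $candidate ('notes.txt', '../etc/passwd', "notes.txt\0.jpg", 'report') {
    my $clean = untaint_filename($candidate);
    printf "%-20s => %s\n", $candidate =~ s/\0/\\0/r,
        defined $clean ? "accepted as '$clean'" : 'rejected';
}
```

The traversal and NULL-byte inputs are rejected without the script having to know about either attack: the character class simply never admits a slash or a NUL. Note that the pattern also accepts a bare word like 'report' because the dot and extension are optional; tighten it if your files always carry an extension.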