The problem doesn't like in magic open. The problem lies in
assuming world writeable directories are safe. Consider the
following program:
foreach my $file (@ARGV) {
open my $fh => ">", $file or die "Failed to open $file: $!\n";
print $fh "Buzzle\n";
close $fh or die "Failed to close $file: $!\n";
}
Or even:
foreach my $file (@ARGV) {
truncate $file, 0 or die "Failed to truncate $file: $!\n";
}
which doesn't even open a file, let alone use magic open.
If you call any of those programs in a world writeable directory with * as argument as root, you're open
for a DoS attack. All the attacker needs to do is create
a symbolic link in the directory, pointing to an important
file like /etc/passwd or /vmunix, and
KABOOM!.
It would very insecure to think that using 3-arg open will
fix your problems.
Abigail
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|