PerlMonks
I have been asked to render an opinion as to the security of a CGI script that appears to be cobbled together from some fairly old bits (witness the use of cgi-lib.pl).
I am poor at sniffing out vulnerabilities in code written in ways I would not have chosen in the first place, so I have two questions of those more practiced in this: 1) Is the following material vulnerable from a security perspective? 2) What is some sample input that would demonstrate that vulnerability? (The boss-man will want to know.) The whole script these fragments come from has a variety of issues (e.g. the possibility of simultaneous writes to the data file <Update> and the simplistic invocation of the sendmail pipe </Update>), but my specific question here is regarding any security issues. The original script lacks '-T' taint checking (this will be rectified <Update>, which will, of course, require some sort of untainting of greater or lesser degree </Update>). So I guess my question boils down to whether there is a problem with printing potentially tainted form data to a file and to the sendmail pipe -- and how can I quickly demonstrate any vulnerabilities <Update> and code appropriate untainting </Update>. <Update> The script does no sanity checks on the data in the '%in' hash </Update>, and I am assuming that cgi-lib.pl does nothing to untaint the values it passes from the html form.
------------------------------------------------------------
In reply to Vetting a CGI script by dvergin
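An added example, not dvergin's script and not code from cgi-lib.pl, of the untainting and sendmail-pipe handling the post asks about, written to run under -T. It assumes %in is the hash cgi-lib.pl's ReadParse() fills, the data-file path and recipient address are placeholders, and the sample form values are constructed.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Fcntl qw(:flock);
# Under -T a pipe open dies unless PATH is clean, so pin the environment first.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumed: %in is the hash cgi-lib.pl's ReadParse() fills from the form.
# Constructed sample values stand in for a real submission here.
my %in = (
    email   => 'user@example.com',
    name    => 'A. Visitor',
    comment => "Hello\nthere",
);

# A field is untainted only by capturing a match against a whitelist pattern;
# a value that does not match is rejected, never "cleaned" by stripping.
my %rule = (
    email   => qr/^([\w.+-]+@[\w-]+(?:\.[\w-]+)+)\z/,  # one header-safe token
    name    => qr/^([\w .'-]{1,60})\z/,                 # no CR/LF, bounded
    comment => qr/^([^\x00]{0,2000})\z/,                # no NUL, bounded
);

sub untaint {
    my ($field) = @_;
    my $value = defined $in{$field} ? $in{$field} : '';
    my ($clean) = $value =~ $rule{$field}
        or die "Rejected value for field '$field'\n";
    return $clean;   # the capture from a successful match is untainted
}

my %clean = map { $_ => untaint($_) } keys %rule;
(my $one_line = $clean{comment}) =~ s/\s+/ /g;   # one record per line in the data file

# Data file: exclusive lock so two concurrent CGI instances cannot interleave writes.
open my $log, '>>', '/var/tmp/form-data.txt' or die "open: $!";   # path is assumed
flock $log, LOCK_EX or die "flock: $!";
print {$log} join("\t", @clean{qw(email name)}, $one_line), "\n";
close $log or die "close: $!";

# Sendmail: the list form of open never hands the arguments to a shell, and the
# untainted values above contain no CR/LF, so none of them can add a header.
open my $mail, '|-', '/usr/sbin/sendmail', '-t', '-oi' or die "sendmail: $!";
print {$mail} "To: webmaster\@example.com\n",
              "From: $clean{email}\n",
              "Subject: Form submission from $clean{name}\n\n",
              "$clean{comment}\n";
close $mail or die "sendmail exited with status $?\n";
```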