Insecure $ENV{ENV} while running with -T switch

青春壹個敷衍的年華 submitted on 2019-12-05 19:51:28

2nd Edition of Answer

The perldoc perlsec manual describes taint mode (there is also perldoc Taint for a module related to Taint mode).

In part, it illustrates:

$path = $ENV{'PATH'};       # $path now tainted

$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

$path = $ENV{'PATH'};       # $path now NOT tainted
system "echo $data";        # Is secure now!

After the $ENV{PATH} = undef; in your code, I was warned about CDPATH. So, adapting that code, I used (perl2.pl again):

#!/usr/bin/env perl -T
use warnings;
use 5.012;

delete @ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

my $filename = 'perl2.pl';

if ($filename =~ /^([0-9a-z_.]+)\z/)
{
    my $lines = `/usr/bin/wc -l $1`;
    print $lines;
}

With the answer '13 perl2.pl' this time. This is far less draconian than the 1st Edition of the answer.

1st Edition of Answer

This draconian solution 'works':

#!/usr/bin/env perl -T
use warnings;
use 5.012;

foreach my $env (keys %ENV)
{
    undef $ENV{$env};
}

my $filename = 'perl2.pl';

if ($filename =~ /^([0-9a-z_.]+)\z/)
{
    my $lines = `/usr/bin/wc -l $1`;
    print $lines;
}

If the script is called 'perl2.pl', then running perl -T perl2.pl yields the answer '16 perl2.pl' (if you don't have any trailing blank lines).

I call it 'draconian' because I've unset every environment variable, piecemeal.
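An added example, not part of the original answer: it sets PATH to the fixed value from the perlsec excerpt instead of deleting it, reports which of the checked variables are still tainted before and after the cleanup, and runs wc through a list-form pipe open so that no shell is involved. The helper names (tainted_env, untaint_filename, count_lines) are hypothetical, and /usr/bin/wc and the default file name perl2.pl are taken from the answer; run it as perl -T script.pl.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Variables that taint mode inspects before running an external command.
my @checked = qw(PATH IFS CDPATH ENV BASH_ENV);

# Names of the checked variables that are set and still tainted.
sub tainted_env {
    return grep { defined $ENV{$_} && tainted($ENV{$_}) } @checked;
}

# Untaint a filename by capturing it with the answer's whitelist pattern.
# Returns undef when the name contains anything outside [0-9a-z_.].
sub untaint_filename {
    my ($name) = @_;
    return $name =~ /^([0-9a-z_.]+)\z/ ? $1 : undef;
}

# Count lines with wc through a list-form pipe open: the arguments go
# straight to exec, so the filename is never parsed by a shell.
sub count_lines {
    my ($file) = @_;
    open(my $wc, '-|', '/usr/bin/wc', '-l', $file)
        or die "cannot run wc: $!\n";
    my $out = <$wc>;
    close($wc) or die "wc failed\n";
    return $out;
}

print "tainted before cleanup: @{[ tainted_env() ]}\n";

$ENV{PATH} = '/bin:/usr/bin';               # fixed value, as in perlsec
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

print "tainted after cleanup: @{[ tainted_env() ]}\n";

# Constructed input: the first argument, or the answer's script name.
my $arg  = @ARGV ? $ARGV[0] : 'perl2.pl';
my $file = untaint_filename($arg);
defined $file or die "rejected filename: $arg\n";
print count_lines($file);
```

Taint mode still checks the environment for a list-form pipe open, so the cleanup is needed even though the shell is bypassed.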
