no taint checks on symbolic references #5319
Comments
From ota-11@andrew.pimlott.net
(I tried querying for this on bugs.perl.com, but I'm not sure it was
The following runs without warning:
#!/usr/bin/perl -T
$ENV{PATH} = '/bin';
sub iownyou { print "Game over\n" }
If you type in "iownyou", it runs &iownyou. Taint checking has no effect on
The idea is from a Phrack article: http://www.phrack.com/show.php?p=58&a=9
Andrew
Perl Info
From @jhi
On Thu, Apr 11, 2002 at 04:00:24PM -0400, Andrew Pimlott wrote:
This is not so much different [1] from $ENV{PATH} = '/bin'; In other words, taint does not affect control flow.
[1] Symbolic references is of course "powerful" since it gives you
Everybody seems to be finding this :-) (I did few days ago) I quote from perlsec: ... taint mode ... Months ago there was discussion about this, but the end result was
--
From @jhi
On Thu, Apr 11, 2002 at 04:33:06PM -0400, Andrew Pimlott wrote:
Something to ponder for 5.9.
--
From [Unknown Contact. See original ticket]
Jarkko Hietaniemi wrote:
What about something like this:
chomp(my ($class, $meth, @args) = <>);
And the user types in:
Is this still merely flow control?
Changing perl to prevent use of tainted method names or symbolic
Hmm, how to phrase it, though...
--
From @jhi
Yes. Look it up. Do not think that I'm saying this is an innocent or insignificant
Taint is not a silver bullet that completely and instantly and
Don't fool yourself by stopping at that. It must be all of control flow.
That's easy: "Don't use symbolic method names or do symbolic reference sub calls." The real question where to put it.
--
From [Unknown Contact. See original ticket]
On Thu, Apr 11, 2002 at 11:32:15PM +0300, Jarkko Hietaniemi wrote:
This is a good explanation and I buy it. I would only add that It
Andrew
From @Abigail
On Thu, Apr 11, 2002 at 04:33:06PM -0400, Andrew Pimlott wrote:
But, as Jarkko says, "don't use symbolic references or symbolic
As for a different kind of taint preventing tainted data to affect
die "Dangerous data\n" unless
But now you suddenly have tainted data affecting control flow....
Abigail
From @paulg1973
I suggest that the language about taint and symbolic references to into
Thanks
From @jhi
I consulted the Supreme Justice of The Camel and thus spake Judge Wall:
: Well, I presume this might have prevented the SOAP::Lite fiasco? Seems
So I repent.
--
From @jhi
On Fri, Apr 12, 2002 at 07:05:58PM +0300, Jarkko Hietaniemi wrote:
More context: I asked only about the symbolic method names and symbolic
Any takers for the patch?
--
From @jhi
On Fri, Apr 12, 2002 at 07:08:38PM +0300, Jarkko Hietaniemi wrote:
More: in Larry's opinion the larger issue of control flow is not
Also, an earlier quote:
: Well, taint was never designed to catch everything. But it's probably
In other words: $obj->$method... should die if $method or $subref are tainted.
--
From @vanstyn
Jarkko Hietaniemi <jhi@iki.fi> wrote:
I don't think we should try to shoehorn this into 5.8 - it is too big
Hugo
From @jhi
On Fri, Apr 12, 2002 at 06:04:40PM +0100, Hugo van der Sanden wrote:
I would be all too happy to agree, 5.8 is burning in my pocket, so
--
From @iabyn
In a still-open ticket from 2002, it was pointed out that &$tainted() would not fail under -T, i.e. external tainted data could
1) the following three should die under -T: $obj->$tainted...
2) "introducing several classes of taint checks and allowing a program (at
(2) sounds complicated. I'm tempted to provide fixes for (1). (Note that
--
From @dgl
Hi,
On Sat, Mar 20, 2010 at 04:48:54PM +0000, Dave Mitchell wrote:
[..]
I think only the middle one wouldn't be allowed under strict..
FOO=UNIVERSAL::isa perl -Mstrict -T -E'my $foo = bless{}; my $x = $ENV{FOO}; $foo->$x'
FOO=UNIVERSAL perl -Mstrict -T -E'my $foo = bless {}; my $x = $ENV{FOO}; $x->isa'
The "$foo->$x" notation is especially scary; like another comment
David
From @Abigail
On Sat, Mar 20, 2010 at 04:48:54PM +0000, Dave Mitchell wrote:
1) is explicitly *excluded* from taint checking; quoting perlsec:
Tainted data may not be used directly or indirectly in any command that
* Arguments to "print" and "syswrite" are not checked for
* Symbolic methods $obj->$method(@args); and symbolic sub references &{$foo}(@args); are not checked for taintedness.
Changing that would not be a bug-fix, but a policy change.
Abigail
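An added example (mine, not code from the ticket or from perl itself) that puts the two symbolic-call forms this thread and the perlsec excerpt discuss beside a dispatch-table form that never calls through tainted data. It assumes the command name comes from @ARGV, which is tainted under -T just like the <STDIN> line in the original report.

```perl
#!/usr/bin/perl -T
# Run as: perl -T example.pl status   (or: perl -T example.pl iownyou)
use strict;
use warnings;
use Scalar::Util qw(tainted);

$ENV{PATH} = '/bin';   # as in the report; -T insists on a sane PATH before any system()

# Constructed input: the ticket read it from <STDIN>; @ARGV is tainted too.
my $request = defined $ARGV[0] ? $ARGV[0] : 'status';

sub status  { return "all good" }
sub iownyou { return "Game over" }   # the sub the report's input reached

# Pattern 1 (symbolic sub call): runs under -T with no taint death, because
# taint mode does not cover control flow (perlsec says so explicitly).
sub unsafe_sub_call {
    my ($name) = @_;
    no strict 'refs';
    return &{$name}();
}

# Pattern 2 (symbolic method call): same story, $obj->$name is not checked.
sub unsafe_method_call {
    my ($obj, $name) = @_;
    return $obj->$name();
}

# Hardened form: the tainted string is only ever used as a hash key; the
# code that actually runs is a reference the program author put in the table.
my %dispatch = ( status => \&status );

sub safe_dispatch {
    my ($name) = @_;
    my $code = $dispatch{$name}
        or die "unknown command '$name'\n";   # rejected, never called
    return $code->();
}

printf "input tainted under -T: %s\n", tainted($request) ? 'yes' : 'no';
print "symbolic sub:    ", unsafe_sub_call($request), "\n";                         # no taint error
print "symbolic method: ", unsafe_method_call(bless({}, 'main'), $request), "\n";   # no taint error
print "safe dispatch:   ", safe_dispatch($request), "\n";                           # dies unless in the table
```

With the argument "iownyou" the two unsafe calls print "Game over" under -T while the dispatch-table version dies, which is the behaviour the thread agrees should be obtained by policy rather than by the taint mechanism.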
From @iabyn
On Tue, Mar 23, 2010 at 01:33:52PM +0100, Abigail wrote:
Yeah thanks. After thinking about it some more, I've downgraded the ticket
I've also noticed you can do 'goto $tainted_label' and there's probably a
--
From @iabyn
I've downgraded this ticket to notabug/wishlist on the grounds that its
From @Abigail
On Wed, Mar 24, 2010 at 10:54:41PM +0000, Dave Mitchell wrote:
Yeah, and we can do while ($i ++ != $tainted_value) { ... } as well. I never saw that as a problem. I always considered tainting checks whether
Abigail
@chorny - Status changed from 'open' to 'stalled'
Migrated from rt.perl.org#8928 (status was 'stalled')
Searchable as RT8928$