Re: [Lxr-dev] Re: [Lxr-commits] CVS: lxr diff,1.10,1.11 find,1.18,1.19 ident,1.17,1.18 search,1.19,
From: Dave B. <da...@br...> - 2004-07-16 22:12:23
Malcolm Box wrote:
> Hi Dave,
>
> Dave Brondsema wrote:
> | Modified Files:
> | diff find ident search source
> | Log Message:
> | add -T switch for taint checking in CGI mode
>
> So what happens in mod_perl mode? There is definitely a problem with
> the current httpwash function, but are we sure that the new filtering
> doesn't open another security hole, including in mod_perl mode?
>
> We've already had one security hole through bad parameters, I don't want
> another :-)
>

I enabled taint checking for mod_perl too. I had to "untaint" input in
several places where it ended up in a vulnerable place. I didn't have to
do this for the exec() calls because (I think) they are set up so that
perl passes the parameters directly to the executing program (diff,
glimpse, swish-e), not through the shell. So there's no shell
vulnerability. Granted, weird parameters could make glimpse or swish-e
do weird things, but I think that is out of our control.

I untainted with pretty strict regexps when rcs commands were called from
CVS.pm. I untainted without any validation when the config files are
eval()'d.

I think a more likely exploit would be someone passing a perl regexp to
the find page which used up tons of CPU.

-- 
Dave Brondsema : da...@br...
http://www.splike.com : programming
http://csx.calvin.edu : student org
http://www.brondsema.net : personal
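An added example, not code from this thread or from LXR, of the two mechanisms the reply relies on: under `perl -T`, outside data (CGI parameters, %ENV, @ARGV) can only be "untainted" through a regexp capture, so the pattern should admit exactly the expected format; and handing system()/exec() a list makes perl call execvp() directly, so no shell ever interprets the arguments. The `untaint_revision`, `untaint_relpath` and `rlog_argv` helpers, their patterns, and the sample inputs are assumptions made for the demo, and /bin/echo stands in for rlog so it runs without RCS installed.

```perl
#!/usr/bin/perl -T
# Added example, not LXR's code. Run as: perl -T untaint_demo.pl [rev] [path]
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, perl marks data from outside the program (CGI parameters,
# %ENV, STDIN, @ARGV) as tainted and dies if it reaches system(), exec(),
# open() for writing, eval STRING or similar. The only way to clear the
# mark is a regexp capture, so the pattern should admit exactly the
# format the value is expected to have, nothing more.

# system()/exec() also refuse to run while PATH (or IFS, CDPATH, ENV,
# BASH_ENV) is tainted, so fix the environment up front.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Accept only an RCS-style revision such as "1.18" or "1.2.3.4";
# returns the untainted copy, or undef if the value does not fit.
sub untaint_revision {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $1 if $raw =~ /\A([0-9]+(?:\.[0-9]+)*)\z/;
    return undef;
}

# Accept a path relative to the source tree ("lxr/source", "a/b.c"):
# no leading slash, no empty or ".." segments, a conservative character
# set only. (Hypothetical pattern chosen for this demo.)
sub untaint_relpath {
    my ($raw) = @_;
    return undef unless defined $raw;
    my $seg = qr{[A-Za-z0-9_][A-Za-z0-9_.\-]*};
    return undef if $raw =~ m{(?:\A|/)\.\.(?:/|\z)};
    return $1 if $raw =~ m{\A($seg(?:/$seg)*)\z};
    return undef;
}

# Build the argument list for an rcs command. Passing a list to
# system()/exec() makes perl call execvp() directly; no shell sees the
# arguments, so metacharacters in them are just bytes.
sub rlog_argv {
    my ($relpath, $rev) = @_;
    return ('rlog', "-r$rev", '--', "$relpath,v");
}

# Inputs: @ARGV is tainted under -T, exactly like a CGI parameter would
# be. With no arguments the constructed defaults below are used (those
# literals are not tainted, which the report line makes visible).
my $raw_rev  = @ARGV > 0 ? $ARGV[0] : '1.18';
my $raw_path = @ARGV > 1 ? $ARGV[1] : 'lxr/source';

printf "revision input %s tainted\n", tainted($raw_rev) ? 'is' : 'is not';

my $rev  = untaint_revision($raw_rev);
my $path = untaint_relpath($raw_path);

die "rejected revision '$raw_rev'\n" unless defined $rev;
die "rejected path '$raw_path'\n"    unless defined $path;

my @argv = rlog_argv($path, $rev);
print "would run: @argv\n";

# /bin/echo stands in for rlog so the demo runs without RCS installed.
# Each element reaches the program as one argv entry, untouched by any shell.
system('/bin/echo', @argv) == 0 or die "echo failed: $?\n";

# Values that do not match are rejected outright rather than "cleaned".
for my $candidate ('1.2.3.4', '1.18 -x', '1.18/', '../etc') {
    printf "'%s' -> %s\n", $candidate,
        defined untaint_revision($candidate) ? 'accepted' : 'rejected';
}
```

Two things the demo makes visible: the `-T` must be on the command line (or the shebang when perl is invoked via the shebang), since perl refuses a late `-T`; and taint mode does nothing for the last concern in the reply, a user-supplied regexp that burns CPU, because using a tainted string as a pattern with `=~` passes no taint check. That has to be limited separately, for example by restricting the pattern syntax or the length of what the find page accepts.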