Hi Jan,

>  The "real" problem is that while(<>) is using the 2-arg form of
>  open(), so specially crafted filenames ending with a '|' can
>  executed arbitrary commands when you run `perl myscript *`.  This
>  is only an issue on Unix as the pipe symbol is not a valid filename
>  character on Windows.

Wow, i wasn't even aware of that weakness in the idiom, though
admittedly i tend to use while (<> ) only after emptying @ARGV.
But still, thanks for the hint!

It's not the only problem, though.
  open my $fh, $filename or ...
is a nightmare in general unless you are *really* sure $filename
does not contain any user-tweakable components.

>  There is nothing you can do about it though, but not use while(<>)

Sure, opening the files manually and specifying the file handle
explicitely causes very little extra effort and will usually pay
off in terms of stability, clarity and ease of maintenance, even
without the exploit you described.

>  if you cannot trust the filenames in your directory.  But then you
>  are in a bad spot already if you cannot trust your local files...

Not necessarily.

When writing suid programs or when writing system maintenance tools
that are expected to be run using sudo(8) or su(1) or by privileged
users in general, it is the usual case that the you cannot trust the
contents of the file systems, except those parts owned by root and
not writeable by anyone else, including all parent directories.
On a related note, it's really old news that dot in PATH is almost
always a terrible idea for just the same reason.

Yours,
  Ingo

P.S.
One of the nice things about Perl is that it's actually not a bad
language security-wise with a bit of coding discipline.  :)
_______________________________________________
ActivePerl mailing list
ActivePerl@[...].com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs