Re: [cobalt-security] perl taint mode
- Subject: Re: [cobalt-security] perl taint mode
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Fri, 1 Feb 2002 01:23:49 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> does anybody know how to impose the taint ( -T ) mode in perl
> in order to secure the usage of scripts ?
I wouldn't use the suggested replacements of the perl interpreter with a
script, as that most likely will affect the Cobalt scripts. If that solution
works at all. I once attempted something similar while I wanted to renice
all PERL scripts. And fell flat on my nose with that.
For those scripts where you want to use tainting you could just change the
first line of the respective script to this:
#!/usr/bin/perl -T
However, in order for the script(s) to still work the programmer must have
taken into account that someone might attempt usage with taint checks
enabled.
If the programmer went the easy way and didn't properly predefine his
variables and reuses 'em as he sees fit, then you'll run into script errors.
Taint checks and usage of Use::Strict are sure ways to improve script
security, but to implement them afterwards into an already finished script is
usually a pain and you're better off with a complete rewrite from scratch.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
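
An added example, not part of the original message: a small script written from the start to run with the -T first line mentioned above, showing the two things taint mode expects from the programmer (a trusted environment and explicit validation of outside input). The log directory, the path to wc and the sample inputs are assumptions made for this illustration.

```perl
#!/usr/bin/perl -T
# Added example: a script written with taint checks in mind.
use strict;
use warnings;

# Under -T, %ENV is tainted. Perl refuses to run external commands until
# PATH is set to a trusted value and these variables are removed.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return an untainted log name, or undef if the input is not acceptable.
# Only a regex capture clears the taint flag, so the pattern is an
# allow-list: no slashes, no leading dot, at most 64 characters.
sub untaint_logname {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return undef;
}

# Constructed sample inputs; command-line arguments are tainted too.
my @inputs = @ARGV ? @ARGV : ('access_log', '../../etc/passwd', 'access_log; id');

for my $raw (@inputs) {
    my $name = untaint_logname($raw);
    unless (defined $name) {
        print "rejected: $raw\n";
        next;
    }
    # Hypothetical log directory, an assumption for this example.
    my $path = "/var/log/httpd/$name";
    # List-form system() bypasses the shell. In current Perl releases a
    # tainted argument here makes the script die with "Insecure dependency".
    system('/usr/bin/wc', '-l', $path) == 0
        or print "wc failed for $path\n";
}
```

Run it directly as an executable, or as `perl -T script.pl`; current Perl releases refuse to start when -T appears only on the first line and the script is invoked through `perl script.pl`.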