
Re: [cobalt-security] perl taint mode



> does anybody know how to impose the taint ( -T ) mode in perl
> in order to secure the usage of scripts ?

I wouldn't use the suggested replacements of the perl interpreter with a 
script, as that most likely will affect the Cobalt scripts, if that solution 
works at all. I once attempted something similar when I wanted to renice 
all PERL scripts, and fell flat on my nose with that.

For those scripts where you want to use tainting you could just change the 
first line of the respective script to this:

#!/usr/bin/perl -T

However, in order for the script(s) to still work the programmer must have 
taken into account that someone might attempt usage with taint checks 
enabled. 

If the programmer went the easy way and didn't properly predefine his 
variables and reuses 'em as he sees fit, then you'll run into script errors.

Taint checks and usage of Use::Strict are sure ways to improve script 
security, but to implement them afterwards into an already finished script is 
usually a pain and you're better off with a complete rewrite from scratch.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
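To illustrate the point above about scripts having to be written with taint checks in mind, here is an added example (not from the original post or from the Cobalt scripts): a small script run under the `-T` switch from L18 that sanitizes `%ENV`, detects a tainted command-line value, untaints it with a regex capture, and only then passes it to a system call. The filename pattern and the default input value are assumptions for the demonstration.

```perl
#!/usr/bin/perl -T
# Added example, not part of the original post.
# Note: -T must be on the #! line or given as "perl -T script.pl";
# running "perl script.pl" with -T only on the #! line dies with
# "Too late for -T option".
use strict;                 # forces 'my' declarations, catches reused variables
use warnings;
use Scalar::Util qw(tainted);   # core module; reports the taint flag

# Under -T everything in %ENV is tainted, and a tainted PATH alone is
# enough to make system()/exec() die. Scripts meant for taint mode fix
# their own environment first.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint a filename: accept only a conservative character set.
# Perl treats data captured by a regex group as clean, so this is the
# place to be strict. Anything else (e.g. "../etc/passwd", "a;rm -rf /")
# is rejected rather than "fixed up".
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw;
    if ($raw =~ /\A([\w.-]{1,64})\z/) {
        return $1;          # cleaned copy, taint flag removed
    }
    return;                 # undef: caller must refuse the value
}

# Constructed sample input: @ARGV stands in for a CGI/form parameter.
my $user_input = @ARGV ? $ARGV[0] : 'report.txt';   # assumed default

print "input tainted: ", (tainted($user_input) ? 'yes' : 'no'), "\n";

my $name = untaint_filename($user_input);
die "rejected unsafe filename\n" unless defined $name;
print "untainted value: $name\n";

# Passing the cleaned value is allowed. Passing $user_input here instead
# (when it came from @ARGV) dies with
# "Insecure dependency in system while running with -T switch".
system('/bin/echo', "would process: $name") == 0
    or warn "echo failed: $?\n";
```

Run it as `perl -T example.pl 'good-name.txt'` and then with a value containing `/` or `;` to see the rejection path; the taint error from passing the raw value is the failure mode the post warns about when a script was not written for `-T`.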