author Gurusamy Sarathy <gsar@cpan.org> 1998-05-14 07:00:02 +0000
committer Gurusamy Sarathy <gsar@cpan.org> 1998-05-14 07:00:02 +0000
commit a3cb178b0bad32fa8be934503d051b96a3cb1fea
tree bb5ab9c595a9158c059710be33d4e5ff619bf3fc /pod/perlsec.pod
parent 43051805d53a3e4c5b2185a17655cab5bedc17ed
[win32] merge changes#872,873 from maintbranch
p4raw-link: @873 on //depot/maint-5.004/perl: 990f469d529b62458be38e8659885fd26d353629
p4raw-link: @872 on //depot/maint-5.004/perl: 0b85608df162729d39cb0f96c9f88c7de0a3ceab
p4raw-id: //depot/win32/perl@935
Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r-- pod/perlsec.pod 14
1 files changed, 12 insertions, 2 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 73884790b0..3fd903412d 100644
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -36,7 +36,9 @@ L<perllocale>), results of certain system calls (readdir, readlink,
the gecos field of getpw* calls), and all file input are marked as
"tainted". Tainted data may not be used directly or indirectly in any
command that invokes a sub-shell, nor in any command that modifies
-files, directories, or processes. Any variable set
+files, directories, or processes. (B<Important exception>: If you pass
+a list of arguments to either C<system> or C<exec>, the elements of
+that list are B<NOT> checked for taintedness.) Any variable set
to a value derived from tainted data will itself be tainted,
even if it is logically impossible for the tainted data
to alter the variable. Because taintedness is associated with each
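Review bot: The added parenthetical after "files, directories, or processes." states that list arguments to system and exec are not checked for taintedness but gives the reader nothing to act on, so it reads as a loophole rather than a warning. Suggest following it with one sentence saying that the program being run still receives the tainted values unchanged and that the caller must validate them first, with a pointer to the "Laundering and Detecting Tainted Data" section later in this file.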
@@ -88,7 +90,7 @@ For example:
If you try to do something insecure, you will get a fatal error saying
something like "Insecure dependency" or "Insecure PATH". Note that you
can still write an insecure B<system> or B<exec>, but only by explicitly
-doing something like the last example above.
+doing something like the "considered secure" example above.
=head2 Laundering and Detecting Tainted Data
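Review bot: The replacement line "doing something like the "considered secure" example above." identifies the example by a quoted phrase that does not appear in this hunk, so the reference only resolves if the example block carries exactly that label. Please confirm the phrase matches the comment in the example verbatim, and consider also naming the construct the example shows, so the sentence still points somewhere if the comment wording is changed later.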
@@ -173,6 +175,14 @@ guarantee that the executable in question isn't itself going to turn
around and execute some other program that is dependent on your PATH, it
makes sure you set the PATH.
+The PATH isn't the only environment variable which can cause problems.
+Because some shells may use the variables IFS, CDPATH, ENV, and
+BASH_ENV, Perl checks that those are either empty or untainted when
+starting subprocesses. You may wish to add something like this to your
+setid and taint-checking scripts.
+
+ delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer
+
It's also possible to get into trouble with other operations that don't
care whether they use tainted values. Make judicious use of the file
tests in dealing with any user-supplied filenames. When possible, do
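Review bot: The new paragraph ending "You may wish to add something like this to your setid and taint-checking scripts." does not say where the delete has to go, although the preceding sentence says the check happens "when starting subprocesses". Suggest stating that the line belongs before the first subprocess is started, and noting that it does not replace setting PATH, which the paragraph just above still requires. "setid" is also unexplained at this point; spelling it out as set-user-ID and set-group-ID would help a first-time reader.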