www.webdeveloper.com
Results 1 to 5 of 5

Thread: setgid error

  1. #1
    Join Date
    Nov 2002
    Posts
    20

    setgid error

    hello all, thanks in advance for any help given. when i run this script, an error comes up: "Insecure dependency in open while running setgid at cpptrak.pl line 27."


    #!/usr/local/bin/perl -wT

    use CGI ':standard';
    use strict;
    require TripodCGI;
    require 'sub.lib';

    ($n, $sec, $url, $c);

    if ($ENV{'REQUEST_METHOD'} eq 'POST'){

    my $CGI = new CGI;

    $n = $CGI->param('fn');

    }

    $sec=2;
    $url= '../' . $n . '.zip';

    open (RF, "<$n.txt") || Error ('open', 'file');

    $c = <RF>;

    close(RF);

    open (WF, ">$n.txt") || Error ('open','file'); ##LINE 27##

    mime();
    print WF "$c";

    close(WF);

    mime();
    refresh($sec, $url);
    print "$n.exe should begin downloading. If not, click <a href='$url'>here</a>.<br><br><br><br><a href='progs.html'>Click here</a> to return to the programs page.";

  2. #2
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    The problem here is because the value of $n is dependant on user input. On line 27 you are writing to a file with no real idea of what that file could be. For example a malicious user can use slashes to form a path causing the file to be written to even a different directory than you had planned on. You will first have to assure that $n will not contain any unwanted input and then clear its taintedness.

    A good way to prevent "bad characters" from appearing and still allow the user to type in a full range of characters is to convert the value of $n to a hex string. The character values are retained but the string will only contain the characters 0-9 and a-f.

    $n = unpack('H*', $n);

    Now that we know it is safe, we need to untaint $n so that Perl will allow it through. The only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern.

    $n =~ m/^(.*)$/s;
    $n = $1;


    Or you could use a regular expression match to only allow certain characters through.

    $n =~ m/^([a-zA-Z0-9_]+)/;
    $n = $1;


    See Perl Security for more details.

    It also appears as if you are missing your my() declaration on line 8.
    Last edited by jeffmott; 12-18-2002 at 09:39 AM.

  3. #3
    Join Date
    Nov 2002
    Posts
    20
    "Unable to create sub named "*Member::Error" at cpptrak.pl line 24."



    #!/usr/local/bin/perl -wT

    use CGI ':standard';
    use strict;
    require TripodCGI;
    require 'sub.lib';

    my ($n, $sec, $url, $c);

    if ($ENV{'REQUEST_METHOD'} eq 'POST'){

    my $CGI = new CGI;

    $n = $CGI->param('fn');
    }

    $n = unpack('H*', $n);
    $n =~ m/^([a-zA-Z0-9_]+)/;
    $n = $1;

    $sec=2;
    $url= '../' . $n . '.zip';

    open (rf, "<$n.txt") || Error ('open', 'file'); ##LINE 24##

    $c = <rf>;

    close(rf);

    open (wf, ">$n.txt") || Error ('open','file');

    mime();
    print wf "$c";

    close(wf);

    mime();
    refresh($sec, $url);

    print "$n.exe should begin downloading. If not, click <a href='$url'>here</a>.<br><br><br><br><a href='progs.html'>Click here</a> to return to the programs page.";
    Last edited by Ryan; 12-18-2002 at 07:02 PM.

  4. #4
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    Where is Error() defined?

  5. #5
    Join Date
    Nov 2002
    Posts
    20
    actually, i didn't define it...

    but when i did, it screwed up, so that's sort of a moot point.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles