www.webdeveloper.com
Thread: setgid error

  1. #1
    Join Date
    Nov 2002
    Posts
    20

    setgid error

    Hello all, thanks in advance for any help given. When I run this script, an error comes up: "Insecure dependency in open while running setgid at cpptrak.pl line 27."


    #!/usr/local/bin/perl -wT

    use CGI ':standard';
    use strict;
    require TripodCGI;
    require 'sub.lib';

    ($n, $sec, $url, $c);

    if ($ENV{'REQUEST_METHOD'} eq 'POST'){

    my $CGI = new CGI;

    $n = $CGI->param('fn');

    }

    $sec=2;
    $url= '../' . $n . '.zip';

    open (RF, "<$n.txt") || Error ('open', 'file');

    $c = <RF>;

    close(RF);

    open (WF, ">$n.txt") || Error ('open','file'); ##LINE 27##

    mime();
    print WF "$c";

    close(WF);

    mime();
    refresh($sec, $url);
    print "$n.exe should begin downloading. If not, click <a href='$url'>here</a>.<br><br><br><br><a href='progs.html'>Click here</a> to return to the programs page.";

  2. #2
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    The problem here is because the value of $n is dependent on user input. On line 27 you are writing to a file with no real idea of what that file could be. For example a malicious user can use slashes to form a path causing the file to be written to even a different directory than you had planned on. You will first have to assure that $n will not contain any unwanted input and then clear its taintedness.

    A good way to prevent "bad characters" from appearing and still allow the user to type in a full range of characters is to convert the value of $n to a hex string. The character values are retained but the string will only contain the characters 0-9 and a-f.

    $n = unpack('H*', $n);

    Now that we know it is safe, we need to untaint $n so that Perl will allow it through. The only way to bypass the tainting mechanism is by referencing subpatterns from a regular expression match. Perl presumes that if you reference a substring using $1, $2, etc., that you knew what you were doing when you wrote the pattern.

    $n =~ m/^(.*)$/s;
    $n = $1;


    Or you could use a regular expression match to only allow certain characters through.

    $n =~ m/^([a-zA-Z0-9_]+)/;
    $n = $1;


    See Perl Security for more details.

    It also appears as if you are missing your my() declaration on line 8.
    Last edited by jeffmott; 12-18-2002 at 09:39 AM.
    for(split(//,'))*))91:+9.*4:1A1+9,1))2*:..)))2*:31.-1)4131)1))2*:3)"'))
    {for(ord){$i+=$_&7;grep(vec($s,$i++,1)=1,1..($_>>3)-4);}}print"$s\n";
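
The untainting step discussed in the reply above, as an added example that is not part of the original posts: it checks that the match succeeded before reading `$1`, anchors the pattern to the whole string, and shows that the hex form stays tainted until it passes through a capture. The helper names (`safe_stem`, `hex_stem`, `try_write`), the `.demo.txt` suffix and the sample inputs are assumptions made for the demonstration.

```perl
# Added example, not code from the thread. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: return an untainted file stem, or undef when the input
# is not one. \A and \z anchor the whole string (a trailing newline fails), and
# $1 is read only when the match succeeded, so a stale capture is never used.
sub safe_stem {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_]{1,64})\z/ ? $1 : undef;
}

# The hex alternative from the reply: unpack keeps the taint flag, so the
# result still has to pass through a capture before open() will accept it.
sub hex_stem {
    my ($raw) = @_;
    return undef unless defined $raw && length $raw;
    return unpack('H*', $raw) =~ /\A([0-9a-f]{2,128})\z/ ? $1 : undef;
}

# Try to create "<stem>.demo.txt" in the current directory; report the outcome.
sub try_write {
    my ($stem) = @_;
    my $path = "$stem.demo.txt";
    my $ok = eval {
        open(my $fh, '>', $path) or die "open failed: $!\n";   # three-arg open
        close $fh;
        unlink $path;
        1;
    };
    chomp(my $err = $@);
    return $ok ? 'written' : "refused ($err)";
}

# Constructed inputs. Appending a zero-length tainted string marks them as
# tainted under -T, the way a CGI parameter would be.
my $taint = substr("$0$^X", 0, 0);
for my $raw (map { $_ . $taint } 'cpptrak', '../../tmp/x', "prog\n", 'a b') {
    (my $shown = $raw) =~ s/\n/\\n/g;
    my ($stem, $hex) = (safe_stem($raw), hex_stem($raw));
    printf "%-14s allowlist=%s hex=%s\n", "'$shown'", $stem // 'REJECTED', $hex // 'REJECTED';
    printf "    tainted: raw=%d stem=%d\n", tainted($raw) ? 1 : 0, tainted($stem) ? 1 : 0 if defined $stem;
}
print "raw name:   ", try_write('cpptrak' . $taint), "\n";
print "clean name: ", try_write(safe_stem('cpptrak' . $taint)), "\n";
```

Without `-T` nothing is tainted and both writes succeed; with it, the raw name is refused by `open` and only the captured value gets through.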

  3. #3
    Join Date
    Nov 2002
    Posts
    20
    "Unable to create sub named "*Member::Error" at cpptrak.pl line 24."



    #!/usr/local/bin/perl -wT

    use CGI ':standard';
    use strict;
    require TripodCGI;
    require 'sub.lib';

    my ($n, $sec, $url, $c);

    if ($ENV{'REQUEST_METHOD'} eq 'POST'){

    my $CGI = new CGI;

    $n = $CGI->param('fn');
    }

    $n = unpack('H*', $n);
    $n =~ m/^([a-zA-Z0-9_]+)/;
    $n = $1;

    $sec=2;
    $url= '../' . $n . '.zip';

    open (rf, "<$n.txt") || Error ('open', 'file'); ##LINE 24##

    $c = <rf>;

    close(rf);

    open (wf, ">$n.txt") || Error ('open','file');

    mime();
    print wf "$c";

    close(wf);

    mime();
    refresh($sec, $url);

    print "$n.exe should begin downloading. If not, click <a href='$url'>here</a>.<br><br><br><br><a href='progs.html'>Click here</a> to return to the programs page.";
    Last edited by Ryan; 12-18-2002 at 07:02 PM.

  4. #4
    Join Date
    Nov 2002
    Location
    NY, USA
    Posts
    731
    Where is Error() defined?

  5. #5
    Join Date
    Nov 2002
    Posts
    20
    Actually, I didn't define it...

    But when I did, it screwed up, so that's sort of a moot point.
