
Re: [ID 19991230.004] Phrack finds a major perl bug



Matthias Urlichs <smurf@noris.net> writes:

> It's the programmer's job to make sure that file names from external
> sources are properly filtered. Perl's taint checks are supremely useful
> for doing this.

While I largely agree with this, I think that it may be worth making a
special exception for nul characters embedded in the middle of file names
passed to sysopen().  To the user, sysopen is part of Perl, and should be
able to handle any Perl string or return an error saying that it can't
create that file.  It's impossible in the Unix file system to create or
open the file "foo\0bar", so sysopen should return an error.  It should
*not* silently open "foo" and not tell you that.

Don't think of it as a security issue.  Think of it as a correctness
issue.  What are the guarantees offered by sysopen?  I would assume that
part of the documented interface to sysopen is that it either opens
exactly that file name (allowing for symlinks) or it fails with an error.
Since Perl allows nuls in strings and the C library can't detect them,
Perl is responsible for doing so and returning some appropriate error,
probably EACCES.

-- 
Russ Allbery (rra@stanford.edu)         <URL:http://www.eyrie.org/~eagle/>
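
The distinction drawn in the message above, sketched in C as an added example (it is not code from Perl or from this thread): a counted string holding "foo\0bar" goes through a bridge that hands the buffer straight to open(2), and through one that checks for an embedded NUL first. The names `counted_name`, `naive_open`, `checked_open` and `try_nul_name` and the scratch path under /tmp are hypothetical, and EACCES is used only because the message suggests it.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Counted string, modelled on a language whose strings may contain NUL:
 * len is kept separately. Assumption: bytes[len] is a terminating NUL. */
struct counted_name { const char *bytes; size_t len; };

/* Naive bridge: open(2) stops reading the name at the first NUL byte. */
int naive_open(struct counted_name n, int flags, mode_t mode) {
    return open(n.bytes, flags, mode);
}

/* Checked bridge: a name with an embedded NUL cannot exist on a Unix file
 * system, so fail with an error instead of opening a prefix of it.
 * EACCES follows the message's suggestion; it is this example's choice. */
int checked_open(struct counted_name n, int flags, mode_t mode) {
    if (memchr(n.bytes, '\0', n.len) != NULL) { errno = EACCES; return -1; }
    return open(n.bytes, flags, mode);
}

/* Constructed demo: pass "<dir>/foo\0bar" through one bridge.
 * Returns bit 0 = open succeeded, bit 1 = "<dir>/foo" exists afterwards,
 * or -1 if the scratch directory could not be created. */
int try_nul_name(int use_checked) {
    char dir[64], buf[80], foo[80];
    snprintf(dir, sizeof dir, "/tmp/nul-demo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;
    int n = snprintf(foo, sizeof foo, "%s/foo", dir);
    memcpy(buf, foo, (size_t)n);
    memcpy(buf + n, "\0bar", 5);              /* "foo\0bar" + terminator */
    struct counted_name name = { buf, (size_t)n + 4 };
    int (*bridge)(struct counted_name, int, mode_t) =
        use_checked ? checked_open : naive_open;
    int fd = bridge(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int result = (fd >= 0 ? 1 : 0) | (access(foo, F_OK) == 0 ? 2 : 0);
    if (fd >= 0) close(fd);
    unlink(foo);
    rmdir(dir);
    return result;
}

int main(void) {
    printf("naive:   %d\n", try_nul_name(0));
    printf("checked: %d\n", try_nul_name(1));
    return 0;
}
```

The naive bridge reports success and leaves a file named "foo" behind; the checked bridge fails and creates nothing.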


Follow-Ups from:
"Matthias Urlichs" <smurf@noris.net>
Sam Tregar <sam@tregar.com>
References to:
ap296@torfree.net
"Matthias Urlichs" <smurf@noris.net>
