Subject: Re: PERL's -e check
From: Matt Zimmerman (mdz CSH.RIT.EDU)
Date: Tue Dec 26 2000 - 02:13:26 CST
On Sun, Dec 24, 2000 at 07:11:40PM -0500, Joe Testa wrote:
> Hi all --
>
> I've noticed here and there that some PERL scripts pass user input
> directly into an open() call protected by a "-e" check. Example:
>
> # $temp_file is taken from the submitted form
> if(-e $temp_file) {
> open(TEMP, "<$temp_file");
> ...
> }
>
> Is there any trick that would bypass the "-e"? Thanks in advance.
The -e isn't the problem; all you have to do is create a file with the same
name as whatever you want to pass to open(), or use one that already exists.
$temp_file could be, for example, /etc/passwd.

The '<' mode specifier prevents open() from interpreting $temp_file as, for
example, a command pipe (e.g. open(TEMP, "/bin/sh -c do_some_stuff|")). If '<'
were not used, you could create a file whose name contained the command to
execute, so I don't know what you could do with this code other than read
existing files (in which case -e doesn't hurt you).
-- - mdz
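
An added example, not part of the original thread: a hardened form of the pattern discussed above, in which the form-supplied name is restricted to a bare file name inside one directory and passed to three-argument open(), so the mode is never parsed out of the name. The spool directory, the name pattern and `open_temp_file` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Hypothetical spool directory; a real script would use a fixed path
# that only the application can write to.
my $SPOOL = tempdir(CLEANUP => 1);

# Open a form-supplied temp file name for reading; returns a handle or undef.
sub open_temp_file {
    my ($name) = @_;
    # Allow-list: a bare file name only, so '/', '..', '|', '<', '>' and
    # leading or trailing whitespace never reach open().
    return unless defined $name
        && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    my $path = File::Spec->catfile($SPOOL, $name);
    # lstat + -f: refuse symlinks and anything that is not a regular file.
    # Unlike a bare -e, this says what kind of file is acceptable.
    return unless lstat($path) && -f _;
    # Three-argument open: the mode is its own argument, so the file
    # name is not scanned for pipe or redirection characters.
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample: one legitimate upload in the spool directory.
open(my $out, '>', File::Spec->catfile($SPOOL, 'upload_01.tmp'))
    or die "setup failed: $!";
print {$out} "form data\n";
close($out);

# Constructed inputs: one valid name and several that must be refused.
for my $candidate ('upload_01.tmp', '/etc/passwd', '../upload_01.tmp',
                   'upload_01.tmp|', 'missing.tmp') {
    my $fh = open_temp_file($candidate);
    printf "%-20s %s\n", $candidate, $fh ? 'opened' : 'rejected';
    close($fh) if $fh;
}
```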