TechQA.

Insecure dependency in open while running with -T switch [PERL]

301 views Asked by At

I have a function like this:

open my $pipe, "-|", '/usr/bin/externalcmd | /usr/bin/awk \'{print $2" "$4}\''
    || die "can't fork command: $!";    

while (<$pipe>) { 
    my ($if, $ip) = split;

    my $file = "/some/file/$if";
    open (FILE, ">$file") || die "can't open $file for $ip: $!";
    
    # ...

    close(FILE);
}    
close ($pipe);

It fails on open with the following error:

Insecure dependency in open while running with -T switch at line 1383, <$pipe> line 1.

How can I fix this?

perl fork taint
Original Q&A
1

There are 1 answers

7
Lucky On

The answer was to "launder" the $if variable through a regex match like this:

# e.g., only "word" characters
if ($if =~ /^([-\@\w.]+)\z/) {
    $if = $1;
} else {
    die "Bad data in '$if'";
}

Then proceed as before.

Related Questions in PERL

Related Questions in FORK

Related Questions in TAINT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions