Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > Insecure dependency in open while running with -T switch

Reply
Thread Tools

Insecure dependency in open while running with -T switch

 
 
kskkaf
Guest
Posts: n/a
 
      07-03-2004
In an upload subroutine I have the following code:

open (OUTFILE, "> $root/$docfolder/$fpage") or die "Can't open output
file for write: $!";

But the error message as show in the title keeps coming up. Now that I
insist keeping the -T switch, how can I avoid the error message? Thanks
for any clue.

--
kskkaf
 
Reply With Quote
 
 
 
 
Paul Lalli
Guest
Posts: n/a
 
      07-03-2004
"kskkaf" <(E-Mail Removed)> wrote in message
news:cc64sg$ttt$(E-Mail Removed)99.com...
> Subject: Insecure dependency in open while running with -T switch
> In an upload subroutine I have the following code:
>
> open (OUTFILE, "> $root/$docfolder/$fpage") or die "Can't open output
> file for write: $!";
>
> But the error message as show in the title keeps coming up. Now that I
> insist keeping the -T switch, how can I avoid the error message? Thanks
> for any clue.


It's telling you that one or more of $root, $docfolder, or $fpage are
tainted. That is, they came from user input or another insecure method.
You must untaint this data before using it to open a file. Untainting means
to verify, via regular expressions, that the data is what it's allowed to
be. Read
perldoc perlsec
for more information and examples.

Paul Lalli


 
Reply With Quote
 
 
 
 
kskkaf
Guest
Posts: n/a
 
      07-03-2004
Paul Lalli wrote:
>
> It's telling you that one or more of $root, $docfolder, or $fpage are
> tainted. That is, they came from user input or another insecure method.
> You must untaint this data before using it to open a file. Untainting means
> to verify, via regular expressions, that the data is what it's allowed to
> be. Read
> perldoc perlsec
> for more information and examples.
>
> Paul Lalli
>

Thanks Paul!

--
kskkaf
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
destructor dependency while return from a function tom C++ 3 08-24-2007 01:12 PM
setuid script "insecure dependency..." error ct Perl Misc 2 02-22-2006 09:50 PM
Insecure dependency in unlink while running with -T switch Regent Perl Misc 3 04-24-2004 01:52 AM
Running insecure python code Noen Python 7 03-06-2004 01:35 AM
Help untaining the command. Insecure dependency in `` ... setuid danpres2k Perl 0 08-13-2003 03:21 PM



Advertisments