Taint mode piped open problem

 
 
Rohit
      01-26-2008
Hello All,

I am writing a Perl script with taint mode, in which I have to parse ps
command output using a process ID passed as a command-line argument. The
problem is that when I store this process ID in a variable and then use
that variable, I get an error.

$processID = $ARGV[0];

open(PSDATA, "/bin/ps -wwwp $processID |");
while (<PSDATA>) {
print scalar <PSDATA>;
}
close PSDATA;

I am getting this taint checking error -> "Insecure dependency in
piped open while running with -T switch at GetWidget.pl line 24."

If I replace $processID with any process ID like 250, it works fine.

open(PSDATA, "/bin/ps -wwwp 250 |");

I will appreciate any solution for this problem.

Thanks,
Rohit
 
 
 
 
 
Gunnar Hjalmarsson
      01-26-2008
Rohit wrote:
> I am writing a Perl script with taint mode, in which I have to parse ps
> command output using a process ID passed as a command-line argument. The
> problem is that when I store this process ID in a variable and then use
> that variable, I get an error.
>
> $processID = $ARGV[0];
>
> open(PSDATA, "/bin/ps -wwwp $processID |");
> while (<PSDATA>) {
> print scalar <PSDATA>;
> }
> close PSDATA;
>
> I am getting this taint checking error -> "Insecure dependency in
> piped open while running with -T switch at GetWidget.pl line 24."
>
> If I replace $processID with any process ID like 250, it works fine.


You need to untaint $processID.

($processID) = $processID =~ /^(\d+)$/;

Please read more about the topic in "perldoc perlsec".

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
 
 
 
 
 
Rohit
      01-26-2008
Thank you very much Gunnar! It works fine now.
And thanks for routing me to the proper doc.

 
Ben Morrow
      01-26-2008

Quoth Rohit:
>
> I am writing a Perl script with taint mode, in which I have to parse ps
> command output using a process ID passed as a command-line argument. The
> problem is that when I store this process ID in a variable and then use
> that variable, I get an error.
>
> $processID = $ARGV[0];


Do you have

use warnings;
use strict;

at the top of your script? This probably needs to be

my $processID = $ARGV[0];

> open(PSDATA, "/bin/ps -wwwp $processID |");


Check the return value of open.
Use three-or-more arg open, *especially* in scripts where security is an
issue.
Use lexical filehandles.

open(my $PSDATA, '-|', '/bin/ps', '-wwwp', $processID)
    or die "can't fork ps: $!";

> while (<PSDATA>) {
> print scalar <PSDATA>;
> }
> close PSDATA;
>
> I am getting this taint checking error -> "Insecure dependency in
> piped open while running with -T switch at GetWidget.pl line 24."


@ARGV is tainted, since it comes from outside your program. This means
$processID is tainted as well, so you can't pass it directly to ps
without checking it first. With your script as it stood (1-arg open),
someone could have passed an argument of '1; rm -rf /' and caused
serious trouble. With multi-arg open this is not possible, but for all
Perl knows there could be other problems with passing arbitrary data to
ps.

There are two possible solutions: preferable would be to use a module
like Proc::ProcessTable rather than parsing the output of ps(1);
alternatively, you need to untaint $ARGV[0] by extracting data from a
pattern match. Something like

my ($processID) = ($ARGV[0] =~ /^(\d+)$/)
    or die "invalid pid: $ARGV[0]";

Read perldoc perlsec, and note that you will also (if you aren't
already) need to explicitly set $ENV{PATH} before taint mode will let
you run anything at all.

> If I replace $processID with any process ID like 250, it works fine.
>
> open(PSDATA, "/bin/ps -wwwp 250 |");


This is because a literal constant like '250' is not from outside your
program, so it isn't tainted. (I guess this means you are already
setting $PATH.)

Ben
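
The advice in this thread assembled into one taint-mode script, as an added example that is not part of any poster's message: it pins the environment, untaints the PID through an anchored pattern match, and runs ps through list-form open so that no shell is involved. The names untaint_pid, ps_lines and pscheck.pl, the 10-digit length cap and the sample inputs are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T pscheck.pl <pid>   (pscheck.pl is a made-up name)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run external programs until the environment they
# inherit is under the script's control (see perldoc perlsec).
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return an untainted PID, or undef if the input is not a plain decimal number.
# Only the captured group of a successful match is untainted. \A and \z are
# used because $ also matches before a trailing newline; [0-9] is stricter
# than \d. The 10-digit cap is this example's choice.
sub untaint_pid {
    my ($raw) = @_;
    return unless defined $raw;
    my ($pid) = $raw =~ /\A([0-9]{1,10})\z/;
    return $pid;
}

# Run ps for one PID without a shell and return its output lines.
sub ps_lines {
    my ($pid) = @_;
    open(my $ps, '-|', '/bin/ps', '-wwwp', $pid)
        or die "can't fork ps: $!";
    my @lines = <$ps>;
    close($ps);    # ps exits non-zero when no such process exists
    return @lines;
}

# Constructed sample inputs: validation must reject everything but digits.
for my $sample ('250', '1; rm -rf /', "250\n", '-250', '') {
    (my $shown = $sample) =~ s/\n/\\n/g;
    printf "%-14s => %s\n", "'$shown'",
        defined(untaint_pid($sample)) ? 'accepted' : 'rejected';
}

my $raw = $ARGV[0];
defined $raw or die "usage: $0 <pid>\n";
my $pid = untaint_pid($raw);
defined $pid or die "invalid pid\n";
printf "argument tainted: %s, validated pid tainted: %s\n",
    (tainted($raw) ? 'yes' : 'no'), (tainted($pid) ? 'yes' : 'no');
print ps_lines($pid);
```

Untainting only records that a pattern matched, so the pattern should be as narrow as the consumer requires; here that means digits only, which also rules out anything ps could read as an option.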

 
 
Rohit
      01-27-2008
Hi Ben,

Thanks for this great lesson. Using this I will be able to prevent
other problems too in future.

Again thanks a lot!

~Rohit
