Path: utzoo!attcan!uunet!lll-winken!elroy.jpl.nasa.gov!jpl-devvax!lwall
From: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Newsgroups: comp.lang.perl
Subject: Re: Disabling "Taintedness" of variables
Message-ID: <8588@jpl-devvax.JPL.NASA.GOV>
Date: 3 Jul 90 22:06:37 GMT
References: <1990Jul3.203638.3747@uvaarpa.Virginia.EDU>
Reply-To: lwall@jpl-devvax.JPL.NASA.GOV (Larry Wall)
Organization: Jet Propulsion Laboratory, Pasadena, CA
Lines: 56

In article <1990Jul3.203638.3747@uvaarpa.Virginia.EDU> telxon!teleng!gorpong@uunet.uu.net writes:
: I am currently trying to do the following: Set up a separate root directory
: for guest users on the machine. I want to have a perl script to do a chroot()
: to the special place for the user and then let them in. That way they can
: use the machine as a mail hub, or whatever, but not be able to see any data
: on the system and such (ie: the bbs user will belong to this). To do that
: I initially hardcoded everything in the perl script, and it was fine. Instead
: of that, I decided to have a separate password/group file just for that and
: have the perl script query those files to get the information.
:
: That doesn't work because the very end when I want to chdir to their home
: directory (found in the other password file) perl reports:
:
:     Insecure dependency in chdir at line ....
:
: I KNOW what I'm doing, and chdir'ing to their home directory is not a
: problem. I do open up the password/group files as root, because the files
: are readable ONLY by root (hence, they are secure). Perl won't let me do
: something this simple! I agree that it is nice to know when you are doing
: something rather insecure, but there should also be a way to turn it off for
: those of us that really do know what we are doing. I don't know of any other
: way to do this. Once I read the file the values are tainted. I therefore
: cannot use those values in anything else, or they become tainted. So, I can
: look at the values in the file and then throw them away; that's stupid.
:
: Larry, ANYBODY please help me! I'm not going to post the entire script because
: it is over 400 lines long. I'll take any ideas, no matter HOW off the wall.

Here's an off-the-wall idea, straight from the manual:

     ... You can also bypass the tainting mechanism by referencing
     subpatterns--perl presumes that if you reference a substring
     using $1, $2, etc, you knew what you were doing when you wrote
     the pattern:

          $ARGV[0] =~ /^-P(\w+)$/;
          $printer = $1;          # Not tainted

     This is fairly secure since \w+ doesn't match shell
     metacharacters. Use of .+ would have been insecure, but perl
     doesn't check for that, so you must be careful with your
     patterns. This is the ONLY mechanism for untainting user
     supplied filenames...

Perl doesn't try to figure out whether the file you're reading from is
suspect or not--it just presumes that all external input is suspect.
The tainting mechanism errs on the side of caution.

Note also that in your particular case, you could be reading the passwd
and group files with getpwent and getgrent, which wouldn't taint their data.
Then your code would be portable to a YP (mmmmph!), er, NIS machine.

There's core scan one way to thin a mat. --ancient BASIC proverb

Larry
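
The subpattern untainting quoted from the manual above, applied to the home-directory field of a passwd-style record. This is an added example, not code from the original post or from the perl distribution; it assumes a modern Perl 5, and the untaint_home helper, the /home/guest prefix and the sample records are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original post). Record layout follows passwd(5);
# the /home/guest prefix and the sample records below are constructed.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return an untainted copy of a home directory, or undef if it is unacceptable.
sub untaint_home {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Allow only /home/guest/<name>[/<name>...]. Each component must start
    # with an alphanumeric, so "." and ".." can never be a component, and the
    # class excludes shell metacharacters. \A and \z anchor the whole string
    # ("$" would also accept a trailing newline).
    if ($raw =~ m{\A(/home/guest(?:/[A-Za-z0-9][A-Za-z0-9._-]*)+)\z}) {
        return $1;    # value taken from a subpattern: not tainted
    }
    return undef;
}

sub yn { return $_[0] ? 'yes' : 'no' }

print 'taint mode: ', (${^TAINT} ? 'on' : 'off (run with perl -T)'), "\n";
while (my $line = <DATA>) {
    chomp $line;
    my ($user, $home) = (split /:/, $line)[0, 5];
    my $clean = untaint_home($home);
    if (defined $clean) {
        printf "%-5s accept %-22s tainted before=%s after=%s\n",
            $user, $clean, yn(tainted($home)), yn(tainted($clean));
        # Only $clean may be passed on to chdir; $home would still be refused.
    }
    else {
        printf "%-5s reject %s\n", $user, defined $home ? $home : '(no field)';
    }
}

__DATA__
bbs:*:200:200:BBS guest:/home/guest/bbs:/bin/sh
mail:*:201:200:Mail hub:/home/guest/mail.hub:/bin/sh
dots:*:202:200:Traversal:/home/guest/../../etc:/bin/sh
meta:*:203:200:Metachar:/home/guest/x;y:/bin/sh
rel:*:204:200:Relative:guest/rel:/bin/sh
```

Run it as perl -T so the taint checks are active; without -T nothing is tainted and the pattern acts only as a validator.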