Re: how can i untain $ARGV from a perl script extending snmp? [solved]
- From: jordi@xxxxxxxxx (Jordi Moles Blanco)
- Date: Mon, 06 Oct 2008 16:30:05 +0200
En/na Raymond Wan ha escrit:
Hi Jordi,
Jordi Moles Blanco wrote:
1. how can i "untain" that var?
2. can i modify the way that snmp works to disable that "-T" flag when it passes the control to the perl script?
i've tried to untain the var with any means i've found, like this one:
*********
$path =~ s/;//g;
*********
but none has worked so far.
do you have any ideas?
I can't answer your second question, but as for your first question, take a look at web sites such as:
http://www.webreference.com/programming/perl/taint/
As it says, you need to clean tainted data by running a regular expression over it and *then* selecting some part of it using a sub-pattern ($1, $2, ...).
For example, you could do:
if ($path =~ /^(.*)$/) {
$path = $1;
}
else {
## Well, this won't happen
}
however, you are (a) losing all the benefits of tainting and worse of all, (b) may be giving someone else reading your code a false sense of security...they think tainted is turned on and that everything is being checked.
You might want to at least check if it is an absolute path, any ..'s in it, or if the path is within some part of the directory structure which you accept.
Hope this helps!
Ray
Thanks a lot for that info, that was all i needed :)
I was doing the first part, but no the $path=$1 step .
no it's working like a charm :)
thanks.
.
- References:
- how can i untain $ARGV from a perl script extending snmp?
- From: Jordi Moles Blanco
- Re: how can i untain $ARGV from a perl script extending snmp?
- From: Raymond Wan
- how can i untain $ARGV from a perl script extending snmp?
- Prev by Date: Re: How to check empty hash value properly?
- Next by Date: SSH equivalent to Net::Telnet::Cisco?
- Previous by thread: Re: how can i untain $ARGV from a perl script extending snmp?
- Next by thread: Re: how can i untain $ARGV from a perl script extending snmp?
- Index(es):
Relevant Pages
|
