Text File  |  1991-01-08  |  888b  |  33 lines

  1. $foo = shift;            # $foo is tainted: at file level shift takes it from @ARGV
  2. $bar = $foo,'bar';        # $bar is also tainted: parsed as ($bar = $foo), 'bar', so it copies $foo
  3. $xxx = <>;            # Tainted: data read from input
  4. $path = $ENV{'PATH'};        # Tainted (inherited environment), but see below
  5. $abc = 'abc';            # Not tainted: a literal in the program text
  6.  
  7. system "echo $foo";        # Insecure: tainted $foo is interpolated into a command string
  8. system "/bin/echo", $foo;    # Secure here (doesn't use sh). NOTE(review): current perlsec rates tainted list-form args "Considered insecure" -- confirm for your Perl
  9. system "echo $bar";        # Insecure: $bar carries $foo's taint
  10. system "echo $abc";        # Insecure until PATH set: echo is looked up via the inherited PATH
  11.  
  12. $ENV{'PATH'} = '/bin:/usr/bin';    # Literal PATH: command lookup no longer depends on the caller's environment
  13. $ENV{'IFS'} = '' if $ENV{'IFS'} ne '';    # Clear an inherited IFS. NOTE(review): current perlsec also deletes CDPATH, ENV and BASH_ENV -- confirm
  14.  
  15. $path = $ENV{'PATH'};        # Not tainted: PATH now holds the literal assigned above
  16. system "echo $abc";        # Is secure now! Untainted argument and a fixed PATH
  17.  
  18. open(FOO,"$foo");        # OK: a read-only open passes the taint check, which does not vet which file is named
  19. open(FOO,">$foo");         # Not OK: tainted name used to open a file for writing
  20.  
  21. open(FOO,"echo $foo|");        # Not OK (tainted data in a piped command string), but...
  22. open(FOO,"-|") || exec 'echo', $foo;    # OK: forks, and the child execs echo in list form, so no shell parses $foo
  23.  
  24. $zzz = `echo $foo`;        # Insecure (tainted $foo in backticks); the captured output leaves $zzz tainted
  25.  
  26. unlink $abc,$foo;        # Insecure: tainted $foo names a file to delete
  27. umask $foo;            # Insecure: tainted value sets the process umask
  28. eval $foo;            # Very insecure: runs tainted text as Perl code
  29.  
  30. exec "echo $foo";        # Insecure: tainted $foo in a command string
  31. exec "echo", $foo;        # Secure here (doesn't use sh). NOTE(review): current perlsec flags tainted list-form exec args too -- confirm
  32. exec "sh", '-c', $foo;        # Considered secure by the taint check, alas: sh still runs $foo as a command line
  33.