Help untainting the command. Insecure dependency in `` ... setuid


danpres2k

Hi, I have the following statements:

@filename = split("_", $cgi->param ('filename')); # similar multiline code

$env_profile = $cgi->param ('env_profile');
$command = "/app/ics/bin/$input_app -U\${USER} -P\${PSWD} -S\${SERVER} -D\${DB} -F\L@fileinfo[1]\E -I\L@fileinfo[2]\E -C@fileinfo[0] -T$type -B$branch -R$code";

#env_profile = test.env_profile.john_13 (for example)
@retstr = `/opt/apache/cgi-bin/app/execute.ksh -c "$command" -p "$env_profile" >&1`;

It gives me "Insecure dependency in `` while running setuid" error at
the last line for @retstr.

How can I untaint $command and $env_profile, while both have special
characters as well? It's a test application for my testing purposes
only, so I don't care much about security here.

Thanks,
Dil
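
One way to approach the untainting asked about above, as an added example that is not part of the original post: each input is matched in full against an allowlist pattern and only the regex capture is used, then the command runs through a list-form pipe open instead of backticks. The `untaint` helper, the two patterns, the sample values and the use of `/bin/echo` in place of `execute.ksh` are assumptions made for illustration.

```perl
# Added example, not the poster's code. Run under taint mode: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: appending it taints the constructed samples below,
# the way values from $cgi->param() are tainted in the real script.
my $taint = substr(join('', values %ENV), 0, 0);

$ENV{PATH} = '/usr/bin:/bin';    # taint mode also rejects an inherited PATH
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Only a regex capture yields clean data: match the whole value against an
# allowlist pattern and return the capture; undef means the value is rejected.
sub untaint {
    my ($value, $pattern) = @_;
    return unless defined $value;
    if ($value =~ /\A($pattern)\z/) {
        my $clean = $1;
        return $clean;
    }
    return;
}

my $WORD    = qr/[A-Za-z0-9]+/;                       # one split("_") field
my $PROFILE = qr/[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)*/;  # e.g. test.env_profile.john_13

# Constructed inputs standing in for the CGI parameters.
my %raw = (
    filename    => 'ACME_Report_Q3' . $taint,
    env_profile => 'test.env_profile.john_13' . $taint,
    bad_profile => 'john_13"; extra' . $taint,
);

my @fileinfo = map { untaint($_, $WORD) // die "bad filename field\n" }
               split /_/, $raw{filename};
my $profile = untaint($raw{env_profile}, $PROFILE) // die "bad env_profile\n";
printf "env_profile tainted: before=%d after=%d\n",
    (tainted($raw{env_profile}) ? 1 : 0), (tainted($profile) ? 1 : 0);
print "bad_profile rejected\n" unless defined untaint($raw{bad_profile}, $PROFILE);

# List-form pipe open replaces the backticks, so no shell re-parses the values.
# /bin/echo is a stand-in for /opt/apache/cgi-bin/app/execute.ksh (assumption).
my @cmd = ('/bin/echo', '-F', lc($fileinfo[1]), '-I', lc($fileinfo[2]),
           '-C', $fileinfo[0], '-p', $profile);
open(my $out, '-|', @cmd) or die "cannot run $cmd[0]: $!\n";
my @retstr = <$out>;
close($out) or die "$cmd[0] exited with status $?\n";
print @retstr;
```

The check belongs on each field before `$command` is assembled; a pattern such as `(.*)` applied to the finished string would clear the taint flag without validating anything.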
 
