Help untaining the command. Insecure dependency in `` ... setuid

Discussion in 'Perl' started by danpres2k, Aug 13, 2003.

  1. danpres2k

    danpres2k Guest

    Hi, I have following statements

    @filename = split("_", $cgi->param ('filename')); //similar multiline
    code

    $env_profile = $cgi->param ('env_profile');
    $command = "/app/ics/bin/$input_app -U\${USER} -P\${PSWD} -S\${SERVER}
    -D\${DB} -F\L@fileinfo[1]\E -I\L@fileinfo[2]\E -C@fileinfo[0] -T$type
    -B$branch -R$code";

    #env_profile = test.env_profile.john_13 (for example)
    @retstr = `/opt/apache/cgi-bin/app/execute.ksh -c "$command" -p
    "$env_profile" >&1`;

    It gives me "Insecure dependency in `` while running setuid" error at
    the last line for @retstr.

    How can I untaint $command and $env_profile, while both have special
    characters as well. Its a test application for my testing purposes
    only, so I don't care much about security here.

    Thanks,
    Dil
    danpres2k, Aug 13, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?VmluY2UgTWVsZQ==?=

    Secure page with Insecure Elements

    =?Utf-8?B?VmluY2UgTWVsZQ==?=, Jun 11, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    2,350
    Codepuller
    Jul 6, 2004
  2. Ravi Bhave
    Replies:
    3
    Views:
    160
    Ravi Bhave
    Nov 7, 2003
  3. Regent
    Replies:
    3
    Views:
    371
    John W. Krahn
    Apr 24, 2004
  4. kskkaf
    Replies:
    2
    Views:
    134
    kskkaf
    Jul 3, 2004
  5. ct
    Replies:
    2
    Views:
    138
    Eric Schwartz
    Feb 22, 2006
Loading...

Share This Page