Use of CGI.pm filehandle with File::Copy::copy in taint mode

R

raw.com

I have a simple upload script that uses the (Fh) filehandles returned
by CGI::upload() in a call to File::Copy::copy(). Works fine without
taint mode turned on. Under -t I get:

Insecure dependency in open while running with -T switch at
C:/Perl/lib/File/Copy.pm line 133

That line is, indeed, the call to open().

Untainting my filehandle (using IO::Handle::untaint(*{$fh}{IO}), which
returns 0, indicating "success") does not do the trick.

In the debugger, using this as a taint-check:

sub is_tainted
{
return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}

I see that my filehandles remain tainted even after the call to
IO::Handle:untaint().

Other postings I've read suggest that these filehandles do not need to
be untainted.

Any suggestions?

Cheers,
Richard
 
G

Gunnar Hjalmarsson

I have a simple upload script that uses the (Fh) filehandles returned
by CGI::upload() in a call to File::Copy::copy(). Works fine without
taint mode turned on. Under -t I get:

Insecure dependency in open while running with -T switch at
C:/Perl/lib/File/Copy.pm line 133

That line is, indeed, the call to open().

Untainting my filehandle (using IO::Handle::untaint(*{$fh}{IO}), which
returns 0, indicating "success") does not do the trick.

In the debugger, using this as a taint-check:

sub is_tainted
{
return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}

I see that my filehandles remain tainted even after the call to
IO::Handle:untaint().

Other postings I've read suggest that these filehandles do not need to
be untainted.

Any suggestions?

Try CGI::UploadEasy. It uses another approach, but it's taint safe.
 
R

raw.com

Thanks, Gunnary. I installed your module (CGI::UploadEasy) and read
through it and, of course, I'd reinvented a lot of what you already do
there. However, I still won't be able to use your module directly, as
I get the uploaded filenames from another place, not from the filenames
associated with the uploaded file parameters. Additionally, I need to
control the set of allowable content-types.

However, when I saw that you take no specific action to untaint the
CGI::upload()-returned filehandles I went back to trying my code in the
debugger and I see that the error from File::Copy::copy referred not to
the filehandle arg but to the destination arg, which is a string
filename. Indeed, I'd forgotten to untaint that value, which came in
part from a different CGI::param().

Once I fixed that I was able to run with taint-checking and, in fact,
remove the use of IO::Handle::untaint() completely.

Cheers,
Richard
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top