Perl IPC::open use in a setuid program

[Larry W. Virden]

I've inherited a couple of large programs (which need to run setuid)
which makes a lot of use of IPC:pen3 to open a link to a program,
and then read that program's stdout and/or stderr.

In previous versions of perl, the code worked without noise, but in
the past year the perl was updated to 5.8.4, and now I get the
warning:

Insecure dependency in exec while running setuid at
/usr/local/perl5/lib/5.8.4/IPC/Open3.pm line 244 (#1)
(F) You tried to do something that the tainting mechanism didn't
like.
The tainting mechanism is turned on when you're running setuid or
setgid, or when you specify -T to turn it on explicitly. The
tainting mechanism labels all data that's derived directly or
indirectly
from the user, who is considered to be unworthy of your trust. If
any
such data is used in a "dangerous" operation, you get this error.
See
perlsec for more information.

Uncaught exception from user code:
Insecure dependency in exec while running setuid at /usr/local/
perl5/lib /5.8.4/IPC/Open3.pm line 244.
IPC::Open3::_open3('open2', 'parchive::Advanced_Logging',
'*parchive::Advanced_Logging::WRITEHANDLE',
'*parchive::Advanced_Logging::READHANDLE', '>&STDERR', '/program/bin/
parc-syslog', '--add', 'LOG:
11-18-2008:11:01:27:larry:i500:srv22:J::i500000\x{a}', '--file', ...)
called at /usr/local/perl5/lib/5.8.4/IPC /Open2.pm line 114
IPC::Open2:pen2('*parchive::Advanced_Logging::READHANDLE',
'*parchive:
:Advanced_Logging::WRITEHANDLE', '/program/bin/parc-syslog', '--add',
'LOG:11 -18-2008:11:01:27:larry:i500:srv22:J::i500000\x{a}', '--file',
'/data/i500/parchive.log.sys') called at /program/lib/perl/parchive/
Advanced_Logging.pm line 878

I've seen various writings about massaging environment variables and
command line arguments to remove the taintedness of them.

I'm not quite certain what kind of massage is needed in this case
though.
Line 878 of the module in question is:
my $pid = open2(*READHANDLE,*WRITEHANDLE,
$parc_syslog,"--add",$arg,"--file",$system_log_path);


Is the issue $parc_syslog or all of the variables?

Does anyone have a step that I need to follow to get this type of
warning resolved?

Thank you for your help.

 

[smallpond]

I've inherited a couple of large programs (which need to run setuid)
which makes a lot of use of IPC:pen3 to open a link to a program,
and then read that program's stdout and/or stderr.
snip

I've seen various writings about massaging environment variables and
command line arguments to remove the taintedness of them.

I'm not quite certain what kind of massage is needed in this case
though.
Line 878 of the module in question is:
my $pid = open2(*READHANDLE,*WRITEHANDLE,
$parc_syslog,"--add",$arg,"--file",$system_log_path);

Is the issue $parc_syslog or all of the variables?

Does anyone have a step that I need to follow to get this type of
warning resolved?

Anything entered on the command line, browser form, environment
variable or read from a file is tainted. Look at:

$parc_syslog
$arg
$system_log_path

If so, you need to "untaint" it. I untaint
a user-entered password in a web application like this:

$t_password =~ / *(\w*)/;
$password = $1;

 

[Tad J McClellan]

I untaint
a user-entered password in a web application like this:

$t_password =~ / *(\w*)/;

^^
^^
I cannot see what purpose the zero-or-more spaces has there.

Can you share its purpose with me?

(and good passwords should have punctuation characters in them.)

$password = $1;

What will $password contain if $t_password contains no word characters at all?

(If you think it must contain undef, you are mistaken...)