Re: Security bug in CGI::Lite::escape_dangerous_chars() function

Hi Ronald,

Ronald F. Guilmette wrote:
> 	  Below is a trivially simple example of how this security flaw can
> 	  cause a problem, in practice:
> 
> 	=====================================================================
> 	#!/usr/bin/perl -w
> 
> 	use strict;
> 	use CGI::Lite;
> 
> 	my $cgi = new CGI::Lite;
> 	my %form = $cgi->parse_form_data;
> 	my $recipient = $form{'recipient'};
> 
> 	my $message = "From: sender\nSubject: Hello\n\nHello my friend!\n\n";
> 
> 	$recipient = escape_dangerous_chars ($recipient);
> 
> 	open (SM, "|/usr/sbin/sendmail -f rfg $recipient");
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Uhm... no matter how you escape dangerous stuff, you should not be
using that code in the first place...

Better would be...

      my $pid = open(MAIL, "|-");        # fork; the child's STDIN is the MAIL pipe
      defined($pid) or die "Fork: $!";
      if (!$pid) {
          # child: exec with a list, so no shell ever parses the arguments.
          # Note the low-precedence "or": with "||" the exit would bind to
          # '-oi' alone and never run if exec failed.
          exec('/usr/lib/sendmail', '-t', '-oi') or exit 255;
      }
      # parent: sendmail -t takes the recipients from the headers we write
      print MAIL "To: $to\n";
      print MAIL "From: $from\n";
      print MAIL "Subject: $subject\n";
      ...
      ...

Peace,

--T

-- 
 tee at T72 dot org - "On kolmenlaisia ihmisiä - niitä jotka
                       ovat matemaattisesti lahjakkaita ja
                       niitä jotka eivät ole."
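As an added example, not code from the original thread or from CGI::Lite: the shell-free invocation the reply recommends, written with Perl's list-form pipe open (Perl 5.8 and later; the defined-or operator needs 5.10) instead of the manual fork/exec, together with the check a practitioner still needs. Passing the arguments as a list stops the shell injection in the quoted script, but with sendmail -t the recipients come from the message headers, so a CR/LF in a user-supplied address or subject can still inject headers such as Bcc:. The sendmail path, the check_recipient/check_header_value/send_message functions and the candidate inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original thread: shell-free sendmail
# invocation plus header-injection checks. Paths and function names are
# assumptions for illustration.
use strict;
use warnings;

my $SENDMAIL = '/usr/sbin/sendmail';   # assumed path; adjust for your MTA

# Accept only a conservative addr-spec. CR/LF (header injection), shell
# metacharacters and a leading '-' (option injection) all fail the match.
sub check_recipient {
    my ($addr) = @_;
    return undef unless defined $addr && length($addr) <= 254;
    return $addr =~ /\A[A-Za-z0-9][A-Za-z0-9._%+-]*\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/
        ? $addr : undef;
}

# Free-text header values (Subject:, a display name) may contain almost
# anything except line breaks and NUL, which would start a new header.
sub check_header_value {
    my ($v) = @_;
    return (defined $v && $v !~ /[\r\n\0]/) ? $v : undef;
}

# Argument vector for the MTA. Because it is a list, not a string, no shell
# parses it: each element reaches sendmail as one argv entry whatever
# characters it contains. The envelope sender is its own element.
sub sendmail_argv {
    my ($envelope_from) = @_;
    return ($SENDMAIL, '-t', '-oi', '-f', $envelope_from);
}

sub send_message {
    my (%m) = @_;
    my $to      = check_recipient($m{to})            // die "bad recipient\n";
    my $from    = check_header_value($m{from})       // die "bad From\n";
    my $subject = check_header_value($m{subject})    // die "bad Subject\n";
    my $sender  = check_recipient($m{envelope_from}) // die "bad envelope sender\n";

    # List-form pipe open (Perl 5.8+): the same fork+exec as in the reply
    # above, in one call, with no shell involved.
    open(my $mail, '|-', sendmail_argv($sender))
        or die "cannot run $SENDMAIL: $!\n";
    print {$mail} "To: $to\n", "From: $from\n", "Subject: $subject\n\n", $m{body};
    # close() on a pipe waits for the child; $? >> 8 is sendmail's exit status
    close($mail) or die "sendmail exited with status ", $? >> 8, "\n";
    return 1;
}

# Constructed inputs (not real addresses). The first three are what the
# 'recipient' CGI parameter might carry; only the last one is accepted.
my @candidates = (
    'friend@example.com; rm -rf /',                 # shell metacharacters
    "friend\@example.com\nBcc: spy\@example.com",   # header injection via LF
    '-oQ/tmp@example.com',                          # would parse as an option
    'friend@example.com',
);
for my $c (@candidates) {
    (my $shown = $c) =~ s/\n/\\n/g;
    printf "%-8s %s\n", (defined check_recipient($c) ? 'accept' : 'reject'), $shown;
}

# Hand a message to the MTA only when asked to; all values are constructed.
if (@ARGV && $ARGV[0] eq '--send') {
    send_message(
        envelope_from => 'rfg@example.com',
        to            => $candidates[-1],
        from          => 'sender@example.com',
        subject       => 'Hello',
        body          => "Hello my friend!\n",
    );
}
```

Run it without arguments to see which candidates the check rejects; with --send it pipes the constructed message to the assumed sendmail path. Because the recipient is validated before it is written into the To: header, the -t flag cannot be abused to add recipients, and because the command is a list there is nothing left for escape_dangerous_chars to do.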
