Provided by:
manpages-zh_1.5.2-1_all 
NAME
perlsec - Perl
DESCRIPTION
PerlsetuidsetgidPerlperl
PerlIDID""setuidunix04000setgid UNIX02000 -T ""CGI
""Perl""Perlset-idPerlC
----perllocalereaddir(),readlink(),shmread(),msgrcv(),getpwxxx()gcosshell""""shell
o printsyswrite
o
$obj->$method(@args);
&{$foo}(@args);
$foo->(@args);
Perl POSIX::system
Perl
$arg = shift; # $arg
$hid = $arg, 'bar'; # $hid
$line = <>; #
$line = <STDIN>; #
open FOO, "/home/me/bar" or die $!;
$line = <FOO>; #
$path = $ENV{'PATH'}; # ,
$data = 'abc'; #
system "echo $arg"; #
system "/bin/echo", $arg; #
# (Perl /bin/echo)
system "echo $hid"; #
system "echo $data"; # PATH
$path = $ENV{'PATH'}; # $path
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
$path = $ENV{'PATH'}; # $path
system "echo $data"; # !
open(FOO, "< $arg"); # OK -
open(FOO, "> $arg"); # Not OK -
open(FOO,"echo $arg|"); # Not OK
open(FOO,"-|")
or exec 'echo', $arg; # not OK
$shout = `echo $arg`; # , $shout
unlink $data, $arg; #
umask $arg; #
exec "echo $arg"; #
exec "echo", $arg; #
exec "sh", '-c', $arg; #
@files = <*.c>; # ( readdir() )
@files = glob('*.c'); # ( readdir() )
# In Perl releases older than 5.6.0 the <*.c> and glob('*.c') would
# have used an external program to do the filename expansion; but in
# either case the result is tainted since the list of filenames comes
# from outside of the program.
$bad = ($arg, 23); # $bad will be tainted
$arg, `true`; # Insecure (although it isn't really)
"Insecure dependency""Insecure $ENV{PATH}"
Laundering and Detecting Tainted Data
"Insecure dependency"CPANTaint.pm1997 is_tainted()
sub is_tainted {
return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}
""
Perl$1, $2
'@''.'
if ($data =~ /^([-\@\w.]+)$/) {
$data = $1; # $data now untainted
} else {
die "Bad data in '$data'"; # log this somewhere
}
/384/Perl
use locale$data1416
"#!"PerlPerlsetuidsetgid"#!"UnixUnix-like"#!"-wU-w
-U#!setuidsetgidUnixUnix-like
Taint mode and @INC
When the taint mode ("-T") is in effect, the "." directory is removed
from @INC, and the environment variables "PERL5LIB" and "PERLLIB" are
ignored by Perl. You can still adjust @INC from outside the program by
using the "-I" command line option as explained in perlrun. The two
environment variables are ignored because they are obscured, and a user
running a program could be unaware that they are set, whereas the "-I"
option is clearly visible and therefore permitted.
Another way to modify @INC without modifying the program, is to use the
"lib" pragma, e.g.:
perl -Mlib=/foo program
The benefit of using "-Mlib=/foo" over "-I/foo", is that the former
will automagically remove any duplicated directories, while the later
will not.
Cleaning Up Your Path
"Insecure $ENV{PATH}"$ENV{PATH}PATHPerlPATHPATH
PATHshellIFSCDPATHENVBASH_ENVPerlset-id
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # %ENV
openPerl
systemexecPerlshellopenglobbacktickbacktick
Perlsetuidsetgid""OPENIDumaskOPEN
backtickshellexecshellshell
use English '-no_match_vars';
die "Can't fork: $!" unless defined($pid = open(KID, "-|"));
if ($pid) { # parent
while (<KID>) {
# do something
}
close KID;
} else {
my @temp = ($EUID, $EGID);
my $orig_uid = $UID;
my $orig_gid = $GID;
$EUID = $UID;
$EGID = $GID;
# Drop privileges
$UID = $orig_uid;
$GID = $orig_gid;
# Make sure privs are really gone
($EUID, $EGID) = @temp;
die "Can't drop privileges"
unless $UID == $EUID && $GID eq $EGID;
$ENV{PATH} = "/bin:/usr/bin"; # Minimal PATH.
# Consider sanitizing the environment even more.
exec 'myprog', 'arg1', 'arg2'
or die "can't exec myprog: $!";
}
globreaddir
set-idCGI
""PerlSafe
Security Bugs
Unixset-idset-id
""set-idset-idPerlsetuid/gid, setuidsetgidsuidperl
set-idPerlset-idset-idC WrapperC WrapperPerlset-idC Wrapper
#define REAL_PATH "/path/to/script"
main(ac, av)
char **av;
{
execv(REAL_PATH, av);
}
C Wrappersetuidsetgid
set-id/dev/fd/3Perl-DSETUID_SCRIPTS_ARE_SECURE_NOWConfigureSVR4BSD4.4
Perl 5.6.1 suidperl
Protecting Your Programs
Perl""
""CGI0755
""
CPANFilter::*Perl
""
Unicode
Unicode is a new and complex technology and one may easily overlook
certain security pitfalls. See perluniintro for an overview and
perlunicode for details, and "Security Implications of Unicode" in
perlunicode for security implications in particular.
Algorithmic Complexity Attacks
Certain internal algorithms used in the implementation of Perl can be
attacked by choosing the input carefully to consume large amounts of
either time or space or both. This can lead into the so-called Denial
of Service (DoS) attacks.
o Hash Function - the algorithm used to "order" hash elements has
been changed several times during the development of Perl, mainly
to be reasonably fast. In Perl 5.8.1 also the security aspect was
taken into account.
In Perls before 5.8.1 one could rather easily generate data that as
hash keys would cause Perl to consume large amounts of time because
internal structure of hashes would badly degenerate. In Perl 5.8.1
the hash function is randomly perturbed by a pseudorandom seed
which makes generating such naughty hash keys harder. See
"PERL_HASH_SEED" in perlrun for more information.
The random perturbation is done by default but if one wants for
some reason emulate the old behaviour one can set the environment
variable PERL_HASH_SEED to zero (or any other integer). One
possible reason for wanting to emulate the old behaviour is that in
the new behaviour consecutive runs of Perl will order hash keys
differently, which may confuse some applications (like
Data::Dumper: the outputs of two different runs are no more
identical).
Perl has never guaranteed any ordering of the hash keys, and the
ordering has already changed several times during the lifetime of
Perl 5. Also, the ordering of hash keys has always been, and
continues to be, affected by the insertion order.
Also note that while the order of the hash elements might be
randomised, this "pseudoordering" should not be used for
applications like shuffling a list randomly (use
List::Util::shuffle() for that, see List::Util, a standard core
module since Perl 5.8.0; or the CPAN module
Algorithm::Numerical::Shuffle), or for generating permutations (use
e.g. the CPAN modules Algorithm::Permute or
Algorithm::FastPermute), or for any cryptographic applications.
o Regular expressions - Perl's regular expression engine is so called
NFA (Non-Finite Automaton), which among other things means that it
can rather easily consume large amounts of both time and space if
the regular expression may match in several ways. Careful crafting
of the regular expressions can help but quite often there really
isn't much one can do (the book "Mastering Regular Expressions" is
required reading, see perlfaq2). Running out of space manifests
itself by Perl running out of memory.
o Sorting - the quicksort algorithm used in Perls before 5.8.0 to
implement the sort() function is very easy to trick into
misbehaving so that it consumes a lot of time. Nothing more is
required than resorting a list already sorted. Starting from Perl
5.8.0 a different sorting algorithm, mergesort, is used. Mergesort
is insensitive to its input data, so it cannot be similarly fooled.
See <http://www.cs.rice.edu/~scrosby/hash/> for more information, and
any computer science text book on the algorithmic complexity.
SEE ALSO
perlrun
nan1nan1 <nan1nan1@hotmail.com>
20011223
http://cmpp.linuxforum.net