?
Solved

rename an uploaded file with cgi-lib.pl

Posted on 1997-03-11
4
Medium Priority
?
314 Views
Last Modified: 2013-12-25
I make correctly the upload of a file using the cgi-lib.pl,
but I would like to obtain on the server the file with the
originary name.
I can do the renaming only using a constant string in this way:
 rename $cgi_sfn{'upfile'}, $cgi_lib::writefiles."gilo";

but doing it using a variable string causes an error:
rename $cgi_sfn{'upfile'}, $cgi_lib::writefiles."$cfn";

The error_log file says:
Insecure dependency in rename while running with -T switch at /home/gilo/cgi-bin/UpJust.cgi line 39.
access to /home/gilo/cgi-bin/UpJust.cgi failed
reason: malformed header from script

Do someone know how to avoid this kind of error?
0
Comment
Question by:gilo
  • 2
4 Comments
 
LVL 3

Expert Comment

by:pc012197
ID: 1827750
Hi there... we've met before, haven't we? :-)

The following is from the perl documentation ('man perlsec'):

When executing a setuid script, or when you have turned on taint checking explicitly using the -T flag, Perl takes special precautions to prevent you from falling into any obvious traps.  (In some ways, a Perl script is more secure than the corresponding C program.)  Any command line argument, environment variable, or input is marked as "tainted", and may not be used, directly or indirectly, in any command that invokes a subshell, or in any command that modifies files, directories, or processes.

As I see it the only way to avoid the error in your script is to take out the -T option.

0
 

Author Comment

by:gilo
ID: 1827751
Hi pc, how are you?
I would have continued our previous history but in the old page disappeared the form
to send other comments, so I had to send another question, but I'm happy to have
found you again because you already know my problem.

I just would like to know where have I to add this -T flag.
I call the cgi program from the browser, then in the program I call the Readparse
routine of cgi-lib.pl and the program make the uploading.

I can't imagine where I can insert this flag.

Be patient with me  :-)

Ciao  
0
 

Author Comment

by:gilo
ID: 1827752
I'm still waiting for an answer
0
 
LVL 1

Accepted Solution

by:
Fordream earned 450 total points
ID: 1827753
Hello, pc!
 AS you the error occurs because '-T', the taint-check option is enabled. But you don't know that where is it inserted? Okay?
 I know that '-T' option automatically is inserted when security is needed like when script is setuided or ALSO CGI.
 While this option is enabled, 'Any command line argument, environment variable, or input is marked as "tainted", and may not be used, directly or indirectly, in any command that invokes a subshell, or in any command that modifies files, directories, or processes.'. You violated that.
 To go on, you should secure that. To see how to secure, I recommand you to see man page about 'perlsec', the perl security. if you can't find that. Reply me. then I'll post that.

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is a general practice to get rid of old user profiles on a computer  in a LAN environment. As I have been working with a company in a LAN environment where users move from one place to some other place at times. This will make many user profil…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question