Solved

CGI, security

Posted on 2007-11-21
2
215 Views
Last Modified: 2013-12-25
"If you use any data from the client to construct a command line for a call to popen() or system(), be sure to place backslashes before any characters that have special meaning to the Bourne shell before calling the function. This can be achieved easily with a short C function."


I have been doing some research on CGI security concerns and came across this tip. What does this tip prevent? If you do not include the backslashes what happens?

Still learnng...



0
Comment
Question by:scoobykidd
2 Comments
 
LVL 39

Accepted Solution

by:
Adam314 earned 125 total points
ID: 20329229
It is to prevent the user from executing an arbitrary command on your system.

Suppose you have a form with a text box, and you ask the user to provide a directory.
Your script on the server reads this info, and does an ls using system of that directory.
If the user provided "/;rm -fr /", this would instruct your webserver to remove all files.

eg:
HTML:
<form method="POST" action="yourscript.pl">
    <input type="text" name="dir">
    <input type="submit">
</form>


yourscript.pl:
#!/usr/bin/perl
use cgi ':standard';
print header();
print "<pre>\n";
print system("ls " . param('dir'));    #THIS IS A PROBLEM!
print "</pre>\n";


If you run your script with taint checking turned on, perl would prevent you from doing this.
You can do this by making your first line (substitute your path to perl if different):
#!/usr/bin/perl -T
0
 

Author Closing Comment

by:scoobykidd
ID: 31410404
Thank you so much. I actually understood that. There's hope yet.
0

Featured Post

The New “Normal” in Modern Enterprise Operations

DevOps for the modern enterprise offers many benefits — increased agility, productivity, and more, but digital transformation isn’t easy, especially if you’re not addressing the right issues. Register for the webinar to dive into the “new normal” for enterprise modern ops.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Extra security implementation for 2017 9 68
Opinions of Sophos Intercept X and Endpoint Security 2 49
sql server service accounts 4 42
Wordpress Security 29 46
In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
The viewer will learn how to count occurrences of each item in an array.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question