Solved

CGI, security

Posted on 2007-11-21
2
218 Views
Last Modified: 2013-12-25
"If you use any data from the client to construct a command line for a call to popen() or system(), be sure to place backslashes before any characters that have special meaning to the Bourne shell before calling the function. This can be achieved easily with a short C function."


I have been doing some research on CGI security concerns and came across this tip. What does this tip prevent? If you do not include the backslashes what happens?

Still learnng...



0
Comment
Question by:scoobykidd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 39

Accepted Solution

by:
Adam314 earned 125 total points
ID: 20329229
It is to prevent the user from executing an arbitrary command on your system.

Suppose you have a form with a text box, and you ask the user to provide a directory.
Your script on the server reads this info, and does an ls using system of that directory.
If the user provided "/;rm -fr /", this would instruct your webserver to remove all files.

eg:
HTML:
<form method="POST" action="yourscript.pl">
    <input type="text" name="dir">
    <input type="submit">
</form>


yourscript.pl:
#!/usr/bin/perl
use cgi ':standard';
print header();
print "<pre>\n";
print system("ls " . param('dir'));    #THIS IS A PROBLEM!
print "</pre>\n";


If you run your script with taint checking turned on, perl would prevent you from doing this.
You can do this by making your first line (substitute your path to perl if different):
#!/usr/bin/perl -T
0
 

Author Closing Comment

by:scoobykidd
ID: 31410404
Thank you so much. I actually understood that. There's hope yet.
0

Featured Post

More Than Just A Video Library

Train for your certification. Learn the latest DevOps tools. Grow your skillset to do better work.

At Linux Academy, we release new training modules every week so you'll always be up to date on the latest tech.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ready for our next Course of the Month? Here's what's on tap for June.
Here's a look at newsworthy articles and community happenings during the last month.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question