?
Solved

CGI, security

Posted on 2007-11-21
2
Medium Priority
?
223 Views
Last Modified: 2013-12-25
"If you use any data from the client to construct a command line for a call to popen() or system(), be sure to place backslashes before any characters that have special meaning to the Bourne shell before calling the function. This can be achieved easily with a short C function."


I have been doing some research on CGI security concerns and came across this tip. What does this tip prevent? If you do not include the backslashes what happens?

Still learnng...



0
Comment
Question by:scoobykidd
2 Comments
 
LVL 39

Accepted Solution

by:
Adam314 earned 500 total points
ID: 20329229
It is to prevent the user from executing an arbitrary command on your system.

Suppose you have a form with a text box, and you ask the user to provide a directory.
Your script on the server reads this info, and does an ls using system of that directory.
If the user provided "/;rm -fr /", this would instruct your webserver to remove all files.

eg:
HTML:
<form method="POST" action="yourscript.pl">
    <input type="text" name="dir">
    <input type="submit">
</form>


yourscript.pl:
#!/usr/bin/perl
use cgi ':standard';
print header();
print "<pre>\n";
print system("ls " . param('dir'));    #THIS IS A PROBLEM!
print "</pre>\n";


If you run your script with taint checking turned on, perl would prevent you from doing this.
You can do this by making your first line (substitute your path to perl if different):
#!/usr/bin/perl -T
0
 

Author Closing Comment

by:scoobykidd
ID: 31410404
Thank you so much. I actually understood that. There's hope yet.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Experts Exchange expands question security options for members.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question