?
Solved

CGI, security

Posted on 2007-11-21
2
Medium Priority
?
219 Views
Last Modified: 2013-12-25
"If you use any data from the client to construct a command line for a call to popen() or system(), be sure to place backslashes before any characters that have special meaning to the Bourne shell before calling the function. This can be achieved easily with a short C function."


I have been doing some research on CGI security concerns and came across this tip. What does this tip prevent? If you do not include the backslashes what happens?

Still learnng...



0
Comment
Question by:scoobykidd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 39

Accepted Solution

by:
Adam314 earned 500 total points
ID: 20329229
It is to prevent the user from executing an arbitrary command on your system.

Suppose you have a form with a text box, and you ask the user to provide a directory.
Your script on the server reads this info, and does an ls using system of that directory.
If the user provided "/;rm -fr /", this would instruct your webserver to remove all files.

eg:
HTML:
<form method="POST" action="yourscript.pl">
    <input type="text" name="dir">
    <input type="submit">
</form>


yourscript.pl:
#!/usr/bin/perl
use cgi ':standard';
print header();
print "<pre>\n";
print system("ls " . param('dir'));    #THIS IS A PROBLEM!
print "</pre>\n";


If you run your script with taint checking turned on, perl would prevent you from doing this.
You can do this by making your first line (substitute your path to perl if different):
#!/usr/bin/perl -T
0
 

Author Closing Comment

by:scoobykidd
ID: 31410404
Thank you so much. I actually understood that. There's hope yet.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question