CGI, security

"If you use any data from the client to construct a command line for a call to popen() or system(), be sure to place backslashes before any characters that have special meaning to the Bourne shell before calling the function. This can be achieved easily with a short C function."


I have been doing some research on CGI security concerns and came across this tip. What does this tip prevent? If you do not include the backslashes what happens?

Still learnng...



scoobykiddAsked:
Who is Participating?
 
Adam314Connect With a Mentor Commented:
It is to prevent the user from executing an arbitrary command on your system.

Suppose you have a form with a text box, and you ask the user to provide a directory.
Your script on the server reads this info, and does an ls using system of that directory.
If the user provided "/;rm -fr /", this would instruct your webserver to remove all files.

eg:
HTML:
<form method="POST" action="yourscript.pl">
    <input type="text" name="dir">
    <input type="submit">
</form>


yourscript.pl:
#!/usr/bin/perl
use cgi ':standard';
print header();
print "<pre>\n";
print system("ls " . param('dir'));    #THIS IS A PROBLEM!
print "</pre>\n";


If you run your script with taint checking turned on, perl would prevent you from doing this.
You can do this by making your first line (substitute your path to perl if different):
#!/usr/bin/perl -T
0
 
scoobykiddAuthor Commented:
Thank you so much. I actually understood that. There's hope yet.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.