Earl Hood writes:
Something is setuid and perl is running in taint mode. I have
not developed MHonArc with tainting in mind, and it would probably
be alot of work to make work in tainted mode.
I don't know about MHonArc, but my experience in making HyperNews
taint-worthy suggests to me that you are most likely right. Tracking
down the source of each tainted data, once you discover what data is
tainted in the first place, was quite tedious. Untainting the data
early enough was also a chore. I developed a couple routines to check
whether something is tainted, and untaint appropriately.
#-------------------------
# Taint-related routines.
sub is_tainted {
# from perlsec
return ! eval {
join('',@_), kill 0;
1;
};
}
sub ErrorIfTainted {
&HNError("Tainted values: '@_'") if &is_tainted(@_);
}
sub untaintPath {
my ($path) = @_;
# Encode any weird chars.
$path =~ s{[^\w\-\.\,/:=+\~]} {'%' . sprintf('%2x', ord($&))}xeg;
$path =~ s{(^|/)[^/]+/\.\.}{}g; # Collapse all 'dir/..'.
&HNUserError ("No relative paths allowed: '$path'")
if $path =~ m,(^|/)\.\.,; # if any '..' remains
$path =~ m{.*}; # Final untaint of the rest.
$path = $&;
return $path;
}
sub untaintID {
# Allow only characters of UserIDs or Email addresses to pass through.
my ($id) = @_;
$id =~ s{\s*}{}g if !$allow_spaces_in_userids; # Remove whitespace.
$id =~ m{^([\(_at_)A-Za-z0-9_=+%/\.\-]*)$};
$id = $1; # Untaint here
return $id;
}
