Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 16 Jan 2006 16:44:07 +0100 (CET)
From:      Lupe Christoph <lupe@lupe-christoph.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/91872: p5-Net-Server fails to untaint the executable path
Message-ID:  <20060116154407.22432A772@firewally.lupe-christoph.de>
Resent-Message-ID: <200601161550.k0GFo4RL010212@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         91872
>Category:       ports
>Synopsis:       p5-Net-Server fails to untaint the executable path
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 16 15:50:04 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Lupe Christoph
>Release:        FreeBSD 5.4-RELEASE-p7 i386
>Organization:
>Environment:
System: FreeBSD firewally.lupe-christoph.de 5.4-RELEASE-p7 FreeBSD 5.4-RELEASE-p7 #4: Tue Sep 13 20:23:52 CEST 2005 lupe@firewally.lupe-christoph.de:/usr/obj/usr/src/sys/FIREWALLY i386


	
>Description:
	The new version of p5-Net-Server has a fix for a problem I found earlier
	that prevents munin-node from restarting on a HUP signal. But the fix is
	incomplete because it does not take perl's taint mode into account.

	I have created a ticket on rt.cpan.org: http://rt.cpan.org//Ticket/Display.html?id=17090
>How-To-Repeat:
	Install sysutils/munin-node. Start munin-node. Send the process a HUP.
>Fix:

	This fix also corrects another problem - relative pathes are not recognized
	except when they start with a '.'.

--- Net-Server.patch begins here ---
--- /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm.orig	Mon Dec  5 22:13:04 2005
+++ /usr/local/lib/perl5/site_perl/5.8.7/Net/Server.pm	Mon Jan 16 16:26:49 2006
@@ -133,6 +133,7 @@
   ### see if we can find the full command line
   if (open _CMDLINE, "/proc/$$/cmdline") { # unix specific
     my $line = do { local $/ = undef; <_CMDLINE> };
+    ($line) = $line =~ /^(.*)$/; # untaint
     close _CMDLINE;
     if ($line) {
       return [split /\0/, $line];
@@ -140,7 +141,8 @@
   }
 
   my $script = $0;
-  $script = $ENV{'PWD'} .'/'. $script if $script =~ m|^\.+/| && $ENV{'PWD'}; # add absolute to relative
+  $script = $ENV{'PWD'} .'/'. $script if $script !~ m|^\//| && $ENV{'PWD'}; # add absolute to relative
+  ($script) = $script =~ /^(.*)$/; # untaint
   return [ $script, @ARGV ]
 }
 
--- Net-Server.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060116154407.22432A772>