author | Garry T. Williams <garry@zvolve.com> | 2000-09-04 07:32:38 -0400 |
---|---|---|
committer | Jarkko Hietaniemi <jhi@iki.fi> | 2000-11-01 20:08:33 +0000 |
commit | e093bcf0cf7ac8078690b5226007992e026a34d0 (patch) | |
tree | 7ef5d328b1010636488a70f5cf2123865affc208 /pod/perlsec.pod | |
parent | 0ea6b70f2b30a0342fca7b9c4257f1f6bc20e6e6 (diff) | |
[ID 20000904.004] perlsec Manual Page Incorrect Doing "Safe Backticks"
Message-Id: <200009041532.e84FWcl12106@ifr.inside.zvolve.net>
p4raw-id: //depot/perl@7520
Diffstat (limited to 'pod/perlsec.pod')
-rw-r--r-- | pod/perlsec.pod | 44 |
1 files changed, 25 insertions, 19 deletions
diff --git a/pod/perlsec.pod b/pod/perlsec.pod index 16b439c1a5..3870c2ef70 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -230,25 +230,31 @@ not called with a string that the shell could expand. This is by far the best way to call something that might be subjected to shell escapes: just never call the shell at all. - use English; - die "Can't fork: $!" unless defined $pid = open(KID, "-|"); - if ($pid) { # parent - while (<KID>) { - # do something - } - close KID; - } else { - my @temp = ($EUID, $EGID); - $EUID = $UID; - $EGID = $GID; # initgroups() also called! - # Make sure privs are really gone - ($EUID, $EGID) = @temp; - die "Can't drop privileges" - unless $UID == $EUID && $GID eq $EGID; - $ENV{PATH} = "/bin:/usr/bin"; - exec 'myprog', 'arg1', 'arg2' - or die "can't exec myprog: $!"; - } + use English; + die "Can't fork: $!" unless defined($pid = open(KID, "-|")); + if ($pid) { # parent + while (<KID>) { + # do something + } + close KID; + } else { + my @temp = ($EUID, $EGID); + my $orig_uid = $UID; + my $orig_gid = $GID; + $EUID = $UID; + $EGID = $GID; + # Drop privileges + $UID = $orig_uid; + $GID = $orig_gid; + # Make sure privs are really gone + ($EUID, $EGID) = @temp; + die "Can't drop privileges" + unless $UID == $EUID && $GID eq $EGID; + $ENV{PATH} = "/bin:/usr/bin"; # Minimal PATH. + # Consider sanitizing the environment even more. + exec 'myprog', 'arg1', 'arg2' + or die "can't exec myprog: $!"; + } A similar strategy would work for wildcard expansion via C<glob>, although you can use C<readdir> instead. |
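Review bot: The new child branch lowers the user id before the group id (`$EUID = $UID;` precedes `$EGID = $GID;`, and `$UID = $orig_uid;` precedes `$GID = $orig_gid;`); on systems where changing the gid or the supplementary group list requires a privileged effective uid, the group assignments can fail once the euid has already been dropped, so for a setgid program the sample would end in `die "Can't drop privileges"` rather than a successful drop. The conventional order is groups first, then uid: `$EGID = $GID; $EUID = $UID;` and, for the permanent drop, `$GID = $orig_gid; $UID = $orig_uid;`. The line `$UID = $orig_uid;` also reads as a no-op because `$orig_uid` was just copied from `$UID`, so the bare `# Drop privileges` comment should say why it is there, e.g. `# Re-assigning the real uid (setreuid) also resets the saved set-user-ID, making the drop permanent` — as far as I can tell this holds only where Perl implements `$UID` assignment via setreuid, so it is worth confirming for the platforms the document targets. That reset is what makes the following `($EUID, $EGID) = @temp;` restore attempt fail and gives the `$UID == $EUID` check its meaning; a comment such as `# Try to regain privileges; this must fail` above it would stop a later reader from deleting an assignment that looks pointless.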